All the vulnerabilites related to VMware - vCenter
cve-2011-1788
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/47742 | vdb-entry, x_refsource_BID | |
http://lists.vmware.com/pipermail/security-announce/2011/000137.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67304 | vdb-entry, x_refsource_XF | |
http://osvdb.org/72179 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1025502 | vdb-entry, x_refsource_SECTRACK | |
http://www.vmware.com/security/advisories/VMSA-2011-0008.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47742", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47742" }, { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "vcenter-soapid-info-disclosure(67304)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304" }, { "name": "72179", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72179" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47742", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47742" }, { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "vcenter-soapid-info-disclosure(67304)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304" }, { "name": "72179", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72179" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47742", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47742" }, { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "vcenter-soapid-info-disclosure(67304)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304" }, { "name": "72179", "refsource": "OSVDB", "url": "http://osvdb.org/72179" }, { "name": "1025502", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025502" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1788", "datePublished": "2011-05-09T22:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0426
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.vmware.com/pipermail/security-announce/2011/000137.html | mailing-list, x_refsource_MLIST | |
http://securitytracker.com/id?1025502 | vdb-entry, x_refsource_SECTRACK | |
http://www.vmware.com/security/advisories/VMSA-2011-0008.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:51:08.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-05-09T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025502" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0426", "datePublished": "2011-05-09T22:00:00Z", "dateReserved": "2011-01-12T00:00:00Z", "dateUpdated": "2024-09-17T01:05:33.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3731
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webworks.com/Security/2009-0001/" }, { "name": "1023683", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023683" }, { "name": "62738", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62738" }, { "name": "37346", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37346" }, { "name": "38749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38749" }, { "name": "62742", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62742" }, { "name": "oval:org.mitre.oval:def:5944", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944" }, { "name": "20100304 CA20100304-01: Security Notice for CA SiteMinder", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded" }, { "name": "62741", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62741" }, { "name": "38842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38842" }, { "name": "62739", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62739" }, { "name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html" }, { "name": "62740", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62740" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webworks.com/Security/2009-0001/" }, { "name": "1023683", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023683" }, { "name": "62738", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62738" }, { "name": "37346", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37346" }, { "name": "38749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38749" }, { "name": "62742", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62742" }, { "name": "oval:org.mitre.oval:def:5944", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944" }, { "name": "20100304 CA20100304-01: Security Notice for CA SiteMinder", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded" }, { "name": "62741", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62741" }, { "name": "38842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38842" }, { "name": "62739", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62739" }, { "name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html" }, { "name": "62740", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62740" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html" }, { "name": "http://www.webworks.com/Security/2009-0001/", "refsource": "CONFIRM", "url": "http://www.webworks.com/Security/2009-0001/" }, { "name": "1023683", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023683" }, { "name": "62738", "refsource": "OSVDB", "url": "http://www.osvdb.org/62738" }, { "name": "37346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37346" }, { "name": "38749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38749" }, { "name": "62742", "refsource": "OSVDB", "url": "http://www.osvdb.org/62742" }, { "name": "oval:org.mitre.oval:def:5944", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944" }, { "name": "20100304 CA20100304-01: Security Notice for CA SiteMinder", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded" }, { "name": "62741", "refsource": "OSVDB", "url": "http://www.osvdb.org/62741" }, { "name": "38842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38842" }, { "name": "62739", "refsource": "OSVDB", "url": "http://www.osvdb.org/62739" }, { "name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html" }, { "name": "62740", "refsource": "OSVDB", "url": "http://www.osvdb.org/62740" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3731", "datePublished": "2009-12-16T18:00:00", "dateReserved": "2009-10-20T00:00:00", "dateUpdated": "2024-08-07T06:38:30.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1789
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.vmware.com/pipermail/security-announce/2011/000137.html | mailing-list, x_refsource_MLIST | |
http://securitytracker.com/id?1025502 | vdb-entry, x_refsource_SECTRACK | |
http://www.vmware.com/security/advisories/VMSA-2011-0008.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-05-09T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html" }, { "name": "1025502", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025502" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1789", "datePublished": "2011-05-09T22:00:00Z", "dateReserved": "2011-04-19T00:00:00Z", "dateUpdated": "2024-09-16T16:28:59.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-41241
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41241", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-29T13:23:47.836021Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-29T13:24:08.243Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "vCenter", "vendor": "VMware", "versions": [ { "lessThan": "8.0 U3g", "status": "affected", "version": "8.0", "versionType": "custom" }, { "lessThan": "7.0 U3v", "status": "affected", "version": "7.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Cloud Foundation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "5.x, 4.5.x" } ] }, { "defaultStatus": "unaffected", "product": "Telco Cloud Platform", "vendor": "VMware", "versions": [ { "status": "affected", "version": "5.x, 2.x" } ] }, { "defaultStatus": "unaffected", "product": "Telco Cloud Infrastructure", "vendor": "VMware", "versions": [ { "status": "affected", "version": "2.x" } ] } ], "datePublic": "2025-07-29T12:11:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware vCenter contains a denial-of-service vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "VMware vCenter contains a denial-of-service vulnerability.\u00a0A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T12:25:55.706Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964" } ], "source": { "discovery": "UNKNOWN" }, "title": "Denial-of-service vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2025-41241", "datePublished": "2025-07-29T12:25:55.706Z", "dateReserved": "2025-04-16T09:30:17.799Z", "dateUpdated": "2025-07-29T13:24:08.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0778
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:48:52.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2009:0326", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "33758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33758" }, { "name": "oval:org.mitre.oval:def:10215", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7867", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" }, { "name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2009/03/11/2" }, { "name": "1021958", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021958" }, { "name": "linux-kernel-rtcache-dos(49199)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "34084", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2009:0326", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "33758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33758" }, { "name": "oval:org.mitre.oval:def:10215", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:7867", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" }, { "name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2009/03/11/2" }, { "name": "1021958", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021958" }, { "name": "linux-kernel-rtcache-dos(49199)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "34084", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34084" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0778", "datePublished": "2009-03-12T15:00:00", "dateReserved": "2009-03-03T00:00:00", "dateUpdated": "2024-08-07T04:48:52.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201102-0280
Vulnerability from variot
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."A remote attacker may cause a denial-of-service (DoS). A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054
- Summary
Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.
- Relevant releases
vCenter Server 4.1 without Update 2
vCenter Update Manager 4.1 without Update 2
ESXi 4.1 without patch ESX410-201110201-SG.
ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG.
- Problem Description
a. ESX third party update for Service Console openssl RPM
The Service Console openssl RPM is updated to
openssl-0.9.8e.12.el5_5.7 resolving two security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any any not affected
ESX 4.1 ESX ESX410-201110204-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console libuser RPM
The Service Console libuser RPM is updated to version
0.54.7-2.1.el5_5.2 to resolve a security issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2011-0002 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110206-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nss and nspr RPMs
The Service Console Network Security Services (NSS) and Netscape
Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
and nss-3.12.8-4 resolving multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110214-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24
Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
CVE-2010-4475 and CVE-2010-4476.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not affected
vCenter 4.1 Windows Update 2
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 5.0 Windows not affected
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family
e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30
Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
CVE-2010-4475, CVE-2010-4476.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not applicable **
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows patch pending
Update Manager 5.0 Windows not applicable **
Update Manager 4.1 Windows Update 2
Update Manager 4.0 Windows patch pending
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX patch pending
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX affected, no patch planned
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family
f. Integer overflow in VMware third party component sfcb
This release resolves an integer overflow issue present in the
third party library SFCB when the httpMaxContentLength has been
changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
The integer overflow could allow remote attackers to cause a
denial of service (heap memory corruption) or possibly execute
arbitrary code via a large integer in the Content-Length HTTP
header.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2054 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
========= ======== ======= =================
vCenter any Windows not affected
hosted* any any not affected
ESXi 5.0 ESXi not affected
ESXi 4.1 ESXi ESXi410-201110201-SG
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
-
hosted products are VMware Workstation, Player, ACE, Fusion.
-
Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 4.1
vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager.
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html
File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541
File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1
VMware ESXi 4.1 Update 2
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.
VMware ESX 4.1
VMware ESX 4.1 Update 2 Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG.
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
- Change log
2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Customers should open a support case to request the following hotfixes.
NNMi Version / Operating System Required Patch Hotfix
9.1x HP-UX Patch 4 Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip
9.1x Linux Patch 4 Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip
9.1x Solaris Patch 4 Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip
9.1x Windows Patch 4 Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip
Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. =========================================================== Ubuntu Security Notice USN-1079-2 March 15, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10 Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.10: icedtea6-plugin 6b18-1.8.7-0ubuntu1~9.10.1 openjdk-6-jre 6b18-1.8.7-0ubuntu1~9.10.1 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~9.10.1
Ubuntu 10.04 LTS: icedtea6-plugin 6b18-1.8.7-0ubuntu1~10.04.2 openjdk-6-jre 6b18-1.8.7-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~10.04.2
After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes.
Details follow:
USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures.
In order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates.
Original advisory details:
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. (CVE-2010-4469)
It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)
Konstantin Prei\xdfer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2011-0706)
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.diff.gz
Size/MD5: 146232 31c9fd1c87f901507dec909a87d40589
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.dsc
Size/MD5: 3009 13ad66a10ac1cb3698ec20d1d214a626
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz
Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 369758 6c4489efb438728ec430f7fe9c560a24
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 75714 7d6bcfe18707892e7aebe836cff565db
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 84965722 3bd57de4c9b80d33e545cd1e9c9492e9
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 1544602 d3689556c3354209f1ac402f2ebde500
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 9107834 c31913d1c41bc826021784ea9c99cfb5
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 29720800 eff015c81953c6d7384706d14d97a896
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 255212 d01547c3c8ea7991c8417718e0d9031b
http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb
Size/MD5: 4853678 3da0193b13769aff3f13c3946ac145a5
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.diff.gz
Size/MD5: 146294 ed4b09749d16004b52b0488c8191eb3f
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.dsc
Size/MD5: 3062 5edaf7e9dbd70b79868927f2debafc6c
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz
Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 346450 a68c38540eabb97715893feecb295fb0
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 73856 8afdfac50e3431dbc7330f8b84ecf37b
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 41237528 13b2864e53bea1395ec4ee19a724fc98
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 1525192 cf0e7f1013fa1f88134d288246dfa078
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 9101442 a22e6ec0af97c5b2a2dc2dc71650a863
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 29512754 7e8283f159bbbad2ea5939c78db8bd6a
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb
Size/MD5: 245384 1ea80079241fe9ce65c39f6768ab842b
. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64
- In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
Run the following command to restart the Red Hat Network Satellite server:
rhn-satellite restart
- Bugs fixed (http://bugzilla.redhat.com/):
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation 582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005) 639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) 639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) 639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) 639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) 639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) 639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489) 639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) 642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) 642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) 642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) 642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) 642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) 642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component 642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component 642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component 642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component 642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component 642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component 642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component 642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662) 676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453) 676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922) 677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component 677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component 677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component 677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component 677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component 677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component 677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component 677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component 677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component 677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component 677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component
- Package List:
Red Hat Network Satellite Server 5.4 (RHEL v.5):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm
i386: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
s390x: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.
Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.
This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02822093 Version: 1
HPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential vulnerability has been identified with HP OpenVMS running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
References: CVE-2010-4476
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. HP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. HP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. HP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. HP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software tool available to resolve the vulnerability.
The FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x.
To download the FPUpdater tool, go to http://h18012.www1.hp.com/java/alpha/fpupdater_index.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Apache Tomcat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43198
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
RELEASE DATE: 2011-02-07
DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43198/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1) An error due to the "ServletContect" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges.
2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user.
3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language").
This vulnerability is reported in versions prior to 5.5.33.
PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preiber
ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html
Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2011:054 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : March 27, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk:
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader (CVE-2010-4351). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves DNS cache poisoning by untrusted applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable (CVE-2010-4450). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and backward jsrs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to Features set on SchemaFactory not inherited by Validator. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text (CVE-2010-4471). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the XML DSig Transform or C14N algorithm implementations.
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are partially signed or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source (CVE-2011-0025).
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor. (CVE-2011-0706)
Additionally the java-1.5.0-gcj packages were not rebuilt with the shipped version on GCC for 2009.0 and Enterprise Server 5 which caused problems while building the java-1.6.0-openjdk updates, therefore rebuilt java-1.5.0-gcj packages are being provided with this advisory as well.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706
Updated Packages:
Mandriva Linux 2009.0: cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2010.0: bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f2ec2f80944f1f401154d2fb2c2ad64d 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.1: c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm e7e183d456383ad562cdb9da84e0f899 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Enterprise Server 5: 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 11c7cdc078dcd9cf30e818f4fb4c4e1f mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt DHgr6vgcxh6XXAElZkDBIws= =7L47 -----END PGP SIGNATURE----- . The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cosminexus application server enterprise 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus application server standard 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "hp systems insight manager", "scope": "eq", "trust": 1.6, "vendor": "hewlett packard l p", "version": "prior to v7.0" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/g", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 011", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server standard 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 010", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "jre 013", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/h", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "25008-10-01" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise 06-70-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/f", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/a", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/e", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus application server 05-05-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre 014", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/b", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/c", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "sdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_02" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise 06-71-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 015", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "cosminexus application server standard 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 27", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01a", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-60" }, { "model": "jre .0 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "01-05" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk b 005", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.7" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server enterprise 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-10-01" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1" }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "05-00" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk .0 4", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "02-00" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00-01" }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server 05-05-/m", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-04-01" }, { "model": "jdk 008", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 009", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.0 to v6.0.2.43" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.1 to v6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v7.0 to v7.0.0.13" }, { "model": "jdk", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "jre", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "sdk", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-04" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11" }, { "model": "jdk 003", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard 06-72-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "ucosminexus application server enterprise 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-10" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-06" }, { "model": "cosminexus application server 05-00-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-03" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus application server enterprise 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-03" }, { "model": "ucosminexus application server standard 06-71-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "cosminexus application server 05-05-/l", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus application server 05-00-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 16", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jre 1.3.1 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus application server 05-05-/j", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server 05-00-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jre 1.3.1 15", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "ne", "trust": 0.6, "vendor": "hitachi", "version": "7.3-00" }, { "model": "ucosminexus application server standard 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "cosminexus application server standard 06-51-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 006", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "processing kit for xml 02-00-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-51" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server enterprise 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "ucosminexus application server standard 06-70-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jre b 07", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ucosminexus application server enterprise 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 10", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 17", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus application server standard 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "cosminexus application server enterprise 06-51-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "jre b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-03" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-10" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 002", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 19", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 008", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 1.3.1 18", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jdk 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b )", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-06" }, { "model": "ucosminexus application server enterprise 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-06" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-04" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "jre 012", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard 06-02-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/k", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tivoli dynamic workload broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "virtual i/o server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer professional 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus application server 05-00-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "processing kit for xml 01-07-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "cognos business intelligence fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.4" }, { "model": "cosminexus developer light 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "processing kit for xml 01-07-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool omnibus web gui", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "cosminexus application server 05-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-72-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cognos workforce performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus developer professional 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.17" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "cosminexus developer 05-05-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "ucosminexus developer standard 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos customer performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.19" }, { "model": "ucosminexus application server enterprise 06-70-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-01" }, { "model": "cosminexus server web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c (solari", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus developer light 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "systemwalker availability view enterprise edition 13.3.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "os/400 v5r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus developer standard 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.107" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer professional 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.14" }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus developer 05-05-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "cosminexus application server 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.2" }, { "model": "jboss enterprise portal platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.0" }, { "model": "cosminexus developer standard 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jre b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus developer standard 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "cosminexus developer light 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "websphere application server community edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.4" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.22" }, { "model": "ucosminexus developer light 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.128" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-06" }, { "model": "cosminexus application server enterprise 06-50-c (solaris", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "cognos impromptu web reports", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus developer standard 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "reflection for secure it unix server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00(x64))" }, { "model": "cosminexus developer light 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tru64 unix 5.1b-4", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.2" }, { "model": "vcenter update manager update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "cosminexus developer professional 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.1" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "identity manager remote loader", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "cosminexus application server standard 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "tivoli workload scehdule z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus studio web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.126" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus client 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.22" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.23" }, { "model": "cosminexus developer professional 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli network manager ip edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-06" }, { "model": "jre 007", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "replication manager software -00 )", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.25" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus client 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "ucosminexus developer standard 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise web platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer professional 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus developer light 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00(x64))" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ewas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.138" }, { "model": "cosminexus developer 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.18" }, { "model": "cosminexus developer 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server enterprise 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus developer light 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.33" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server enterprise 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.14" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.30" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "cosminexus developer 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "cosminexus developer light 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, { "model": "cosminexus developer 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus developer professional 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 009", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-03" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.13" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "jre b 005", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.29" }, { "model": "jboss enterprise application platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server community edition", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.5" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "jre 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "esx patch esx400-201", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2.0-00" }, { "model": "netcool/omnibus fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.020" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.8" }, { "model": "cosminexus application server 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.20" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "4.0" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "cosminexus developer 05-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tivoli directory server 6.1.0.5-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.115" }, { "model": "ewas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.139" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.102" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "systemwalker availability view enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3" }, { "model": "websphere mq file transfer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "cosminexus studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.15" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "systemwalker it process master standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.103" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03" }, { "model": "ucosminexus developer professional 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.56" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "reflection suite for", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.7" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.32" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "ucosminexus application server enterprise 06-70-/a linux )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.222" }, { "model": "jdk 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "ucosminexus developer professional 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "processing kit for xml 02-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.4" }, { "model": "ucosminexus application server enterprise 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.21" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server standard 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.03" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.5-00" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "cosminexus application server enterprise 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "cosminexus application server 05-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer standard 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos supply chain performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.27" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.105" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "7.0.8" }, { "model": "ucosminexus application server enterprise 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "network satellite server (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5)5.4" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jre 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.3" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tru64 unix pk6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.9" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "cosminexus application server 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.19" }, { "model": "cosminexus developer standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cosminexus developer standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "interstage business application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "db2 fix pack 3a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.110" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.6" }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jboss enterprise application platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus developer 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus developer light 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.13" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-07" }, { "model": "cosminexus developer 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus client 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tuning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "tru64 unix b-3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "processing kit for xml 02-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk 1.3.1 20", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer 05-05-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer light 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cosminexus studio 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-04" }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cosminexus developer light 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.1" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/cm2/network node manager starter edition hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "cosminexus application server 05-00-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.12" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-01" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "processing kit for xml 01-05-/b (windows(en", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.21" }, { "model": "cosminexus developer light 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "cosminexus developer 05-05-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.30" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "ucosminexus developer light 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.16" }, { "model": "totalstorage ds8300", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "cosminexus developer standard 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.31" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.14" }, { "model": "cosminexus developer professional 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.19" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.117" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus developer standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-02" }, { "model": "cosminexus developer professional 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tru64 unix b-4", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "cosminexus developer professional 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.4" }, { "model": "cosminexus developer light 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "replication manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3.0-00" }, { "model": "cosminexus application server 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.13" }, { "model": "cosminexus application server 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.17" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jp1/cm2/network node manager starter edition hp-ux(pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10-12" }, { "model": "ucosminexus client 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-08" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-00" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "jp1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus developer professional 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus developer professional 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer standard 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.26" }, { "model": "cosminexus developer 05-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "runtimes for java technology sr12 fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.119" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.221" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "cosminexus application server standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.12" }, { "model": "cosminexus developer standard 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cognos query", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/serverconductor/control manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.2" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1-1" }, { "model": "cosminexus developer professional 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cognos finance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "jp1/cm2/network node manager starter edition windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "ucosminexus application server standard 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise 06-72-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.3" }, { "model": "replication manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk 20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-03" }, { "model": "cosminexus developer light 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "cosminexus developer 05-05-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform cp04", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "processing kit for xml (windows(engli", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-05" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli netcool performance manager technology pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jre 1.5.0 09-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "job management partner 1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06" }, { "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus developer standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "cosminexus developer light 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus developer light 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-04(x64))" }, { "model": "linux enterprise sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.12" }, { "model": "cosminexus application server 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "jdk 08", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "identity manager analyzer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "1.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "reflection for secure it unix server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.54" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tivoli federated identity manager business gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.5.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "application manager for smart business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus application server standard 06-70-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00" }, { "model": "cosminexus application server standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.127" }, { "model": "jre 18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.111" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.118" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus studio 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.124" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "interstage software quality analyzer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "jre 05a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "cosminexus developer light 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "netcool/omnibus fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.120" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.19" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.5" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.32" }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "jdk 15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer professional 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise application platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus developer light 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "reflection for secure it windows server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-02" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "jp1/cm2/network node manager starter edition enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-51-01" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-70" }, { "model": "cognos visualizer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.11" }, { "model": "cosminexus developer light 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-01" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cognos financial performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli storage productivity center fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.14" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "cosminexus developer 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "cosminexus developer standard 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.106" }, { "model": "cosminexus studio web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.219" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos noticecast", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.125" }, { "model": "sentinel support pack", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "cosminexus developer standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus application server standard 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.4" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "cosminexus application server 05-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "jdk 1.4.2 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jre 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server enterprise 06-70-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "jdk 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus developer professional 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "provisioning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.12" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "cognos web services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.16" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "device manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.4" }, { "model": "db2 fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.51" }, { "model": "cosminexus developer standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.9" }, { "model": "cosminexus application server 05-00-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.24" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus developer professional 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sentinel support pack h", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer light 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-02(x64))" }, { "model": "cosminexus developer 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jdk 01a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "jndi", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "device manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter ed enterprise pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "ucosminexus developer standard 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.19" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cognos business intelligence fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "ucosminexus developer standard 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jre 006", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "cognos now!", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "processing kit for xml 01-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.73" }, { "model": "cosminexus application server 05-00-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.31" }, { "model": "cosminexus developer 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer standard 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server 05-00-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-01" }, { "model": "ucosminexus client 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.32" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "cosminexus developer standard 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.227" }, { "model": "cosminexus application server standard 06-50-/g (aix", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.13" }, { "model": "cosminexus developer standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.11" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.224" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "tivoli integrated portal", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.115" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.8" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.15" }, { "model": "jdk 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "ucosminexus application server standard 06-72-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-00(x64))" }, { "model": "interstage application server enterprise edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.28" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.20" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.7" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "interstage application server enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "tivoli federated identity manager", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus developer professional 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.20" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "ucosminexus developer standard 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "it operations director", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-50-07" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.112" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "cosminexus developer standard 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer professional 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.122" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.32" }, { "model": "ucosminexus developer standard 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.24" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jndi/ldap", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "db2 fix pack 6a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tru64 unix 5.1b-5", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.7" }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.25" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "ucosminexus application server enterprise 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "cosminexus application server enterprise 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.9" }, { "model": "cognos executive viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "cognos real-time monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus server web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer light 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-01" }, { "model": "interstage service integrator enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus developer light 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-08" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1-1" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cosminexus application server enterprise 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "global link manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.6-00" }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer light 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tivoli directory server 6.2.0.3-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "reflection for secure it unix client sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.121" }, { "model": "processing kit for xml 02-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 02-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-72-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.28" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03(x64))" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-06" }, { "model": "cosminexus developer standard 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "cognos banking risk performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "reflection for secure it unix client sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer standard 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "jre 004", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus developer standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update 6a", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli storage productivity center for replication", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.4" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "reflection for the web r3 build", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "2008527" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "processing kit for xml 02-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.14" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-50" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.10" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jp1/cm2/snmp system observer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "business availability center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.55" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jp1/cm2/network node manager i advanced", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.7" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "cosminexus application server 05-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.26" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.223" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.123" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.72" }, { "model": "provisioning manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "vcenter update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "jdk 05", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "ucosminexus application server standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "cosminexus developer standard 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.116" }, { "model": "jp1/cm2/network node manager starter ed enterprise solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.3" }, { "model": "sdk .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer professional 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus developer light 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.54" }, { "model": "cosminexus developer standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03(x64))" }, { "model": "cosminexus developer standard 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "system storage ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.33" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "interstage service integrator enterprise edition 9.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli directory server 6.3.0.0-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "cosminexus developer standard 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.113" }, { "model": "websphere datapower xc10 appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.5" }, { "model": "cosminexus application server enterprise 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.14" }, { "model": "tivoli integrated portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.114" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jdk 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage software quality analyzer 10.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server 05-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-53-01" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.15" }, { "model": "jdk 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos decisionstream", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.25" }, { "model": "jre 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ucosminexus application server standard 06-70-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus application server 05-00-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus developer light 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-07" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise portal platform 4.3.cp06", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus developer standard 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "jre 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tivoli netview", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.5" }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2-2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cosminexus application server enterprise 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus developer 05-05-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-04" }, { "model": "cosminexus developer light 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.29" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.109" }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus developer 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.11" }, { "model": "jboss enterprise web platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.110" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "provisioning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk 1.4.2 10", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer standard 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "esx update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.28" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.10" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.57" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" } ], "sources": [ { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:hp:systems_insight_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_application_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000017" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" } ], "trust": 0.4 }, "cve": "CVE-2010-4476", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2010-4476", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000017", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000020", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-4476", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2011-000017", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000020", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2010-4476", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: \" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"A remote attacker may cause a denial-of-service (DoS). A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. \nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0013\nSynopsis: VMware third party component updates for VMware vCenter\n Server, vCenter Update Manager, ESXi and ESX\nIssue date: 2011-10-27\nUpdated on: 2011-10-27 (initial release of advisory)\nCVE numbers: --- openssl ---\n CVE-2008-7270 CVE-2010-4180\n --- libuser ---\n CVE-2011-0002\n --- nss, nspr ---\n CVE-2010-3170 CVE-2010-3173\n --- Oracle (Sun) JRE 1.6.0 ---\n CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549\n CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553\n CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557\n CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561\n CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566\n CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570\n CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574\n CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450\n CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462\n CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467\n CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471\n CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475\n CVE-2010-4476\n --- Oracle (Sun) JRE 1.5.0 ---\n CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454\n CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468\n CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476\n CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864\n CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867\n CVE-2011-0865\n --- SFCB ---\n CVE-2010-2054\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. \n\n2. Relevant releases\n\n vCenter Server 4.1 without Update 2\n\n vCenter Update Manager 4.1 without Update 2\n\n ESXi 4.1 without patch ESX410-201110201-SG. \n\n ESX 4.1 without patches ESX410-201110201-SG,\n ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. \n\n3. Problem Description\n\n a. ESX third party update for Service Console openssl RPM\n\n The Service Console openssl RPM is updated to\n openssl-0.9.8e.12.el5_5.7 resolving two security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-7270 and CVE-2010-4180 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any any not affected\n\n ESX 4.1 ESX ESX410-201110204-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. ESX third party update for Service Console libuser RPM\n\n The Service Console libuser RPM is updated to version\n 0.54.7-2.1.el5_5.2 to resolve a security issue. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2011-0002 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110206-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. ESX third party update for Service Console nss and nspr RPMs\n\n The Service Console Network Security Services (NSS) and Netscape\n Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1\n and nss-3.12.8-4 resolving multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3170 and CVE-2010-3173 to these\n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110214-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24\n\n Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,\n CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,\n CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,\n CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,\n CVE-2010-4475 and CVE-2010-4476. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,\n CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,\n CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,\n CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,\n CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\n CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,\n CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and\n CVE-2010-3574. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not affected\n vCenter 4.1 Windows Update 2\n vCenter 4.0 Windows not applicable **\n VirtualCenter 2.5 Windows not applicable **\n\n Update Manager 5.0 Windows not affected\n Update Manager 4.1 Windows not applicable **\n Update Manager 4.0 Windows not applicable **\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not applicable **\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\n e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30\n\n Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,\n CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,\n CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,\n CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,\n CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,\n CVE-2010-4475, CVE-2010-4476. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 5.0 Windows not applicable **\n vCenter 4.1 Windows not applicable **\n vCenter 4.0 Windows patch pending\n VirtualCenter 2.5 Windows patch pending\n\n Update Manager 5.0 Windows not applicable **\n Update Manager 4.1 Windows Update 2\n Update Manager 4.0 Windows patch pending\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX not applicable **\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX patch pending\n ESX 3.0.3 ESX affected, no patch planned\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n f. Integer overflow in VMware third party component sfcb\n\n This release resolves an integer overflow issue present in the\n third party library SFCB when the httpMaxContentLength has been\n changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. \n The integer overflow could allow remote attackers to cause a\n denial of service (heap memory corruption) or possibly execute\n arbitrary code via a large integer in the Content-Length HTTP\n header. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-2054 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ========= ======== ======= =================\n vCenter any Windows not affected\n\n hosted* any any not affected\n\n ESXi 5.0 ESXi not affected\n ESXi 4.1 ESXi ESXi410-201110201-SG\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.1 ESX ESX410-201110201-SG\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n4. Solution\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware vCenter Server 4.1\n ----------------------------------------------\n vCenter Server 4.1 Update 2\n The download for vCenter Server includes VMware Update Manager. \n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n https://www.vmware.com/support/pubs/vum_pubs.html\n\n File: VMware-VIMSetup-all-4.1.0-493063.iso\n md5sum: d132326846a85bfc9ebbc53defeee6e1\n sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\n\n File: VMware-VIMSetup-all-4.1.0-493063.zip\n md5sum: 7fd7b09e501bd8fde52649b395491222\n sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1\n ---------------\n VMware ESXi 4.1 Update 2\n\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttps://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html\n\n File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso\n md5sum: 0aa78790a336c5fc6ba3d9807c98bfea\n sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce\n\n File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip\n md5sum: 459d9142a885854ef0fa6edd8d6a5677\n sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33\n\n File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip\n md5sum: 3047fac78a4aaa05cf9528d62fad9d73\n sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. \n\n VMware ESX 4.1\n --------------\n VMware ESX 4.1 Update 2\n Download link:\n\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1\n\n Release Notes:\n\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n File: ESX-4.1.0-update02-502767.iso\n md5sum: 9a2b524446cbd756f0f1c7d8d88077f8\n sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c\n\n File: pre-upgrade-from-esx4.0-to-4.1-502767.zip\n md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf\n sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4\n\n File: upgrade-from-esx4.0-to-4.1-update02-502767.zip\n md5sum: 4b60f36ee89db8cb7e1243aa02cdb549\n sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f\n\n File: VMware-tools-linux-8.3.12-493255.iso\n md5sum: 63028f2bf605d26798ac24525a0e6208\n sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932\n\n File: VMware-viclient-all-4.1.0-491557.exe\n md5sum: dafd31619ae66da65115ac3900697e3a\n sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef\n\n VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,\n ESX410-201110206-SG, ESX410-201110201-SG and\n ESX410-201110214-SG. \n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873\n\n- ------------------------------------------------------------------------\n6. Change log\n\n 2011-10-27 VMSA-2011-0013\n Initial security advisory in conjunction with the release of\n Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1,\n vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware security response policy\n http://www.vmware.com/support/policies/security_response.html\n\n General support life cycle policy\n http://www.vmware.com/support/policies/eos.html\n\n VMware Infrastructure support life cycle policy\n http://www.vmware.com/support/policies/eos_vi.html\n\n Copyright 2011 VMware Inc. All rights reserved. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l\nlJkAmweROyq5t0iWwM0EN2iP9ly6trbc\n=Dm8O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Customers should open a support case to request the\nfollowing hotfixes. \n\nNNMi Version / Operating System\n Required Patch\n Hotfix\n\n9.1x HP-UX\n Patch 4\n Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip\n\n9.1x Linux\n Patch 4\n Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip\n\n9.1x Solaris\n Patch 4\n Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip\n\n9.1x Windows\n Patch 4\n Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip\n\nNote: The hotfix must be installed after the required patch. The hotfix must\nbe reinstalled if the required patch is reinstalled. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. ===========================================================\nUbuntu Security Notice USN-1079-2 March 15, 2011\nopenjdk-6b18 vulnerabilities\nCVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,\nCVE-2011-0706\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 9.10\nUbuntu 10.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 9.10:\n icedtea6-plugin 6b18-1.8.7-0ubuntu1~9.10.1\n openjdk-6-jre 6b18-1.8.7-0ubuntu1~9.10.1\n openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~9.10.1\n\nUbuntu 10.04 LTS:\n icedtea6-plugin 6b18-1.8.7-0ubuntu1~10.04.2\n openjdk-6-jre 6b18-1.8.7-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b18-1.8.7-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java services,\napplications or applets to make all the necessary changes. \n\nDetails follow:\n\nUSN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures. \n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates. \n\nOriginal advisory details:\n\n It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n\n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n\n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. (CVE-2010-4469)\n\n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n\n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n\n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n\n Konstantin Prei\\xdfer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2011-0706)\n\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.diff.gz\n Size/MD5: 146232 31c9fd1c87f901507dec909a87d40589\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.dsc\n Size/MD5: 3009 13ad66a10ac1cb3698ec20d1d214a626\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz\n Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 369758 6c4489efb438728ec430f7fe9c560a24\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 75714 7d6bcfe18707892e7aebe836cff565db\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 84965722 3bd57de4c9b80d33e545cd1e9c9492e9\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 1544602 d3689556c3354209f1ac402f2ebde500\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 9107834 c31913d1c41bc826021784ea9c99cfb5\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 29720800 eff015c81953c6d7384706d14d97a896\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 255212 d01547c3c8ea7991c8417718e0d9031b\n http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb\n Size/MD5: 4853678 3da0193b13769aff3f13c3946ac145a5\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.diff.gz\n Size/MD5: 146294 ed4b09749d16004b52b0488c8191eb3f\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.dsc\n Size/MD5: 3062 5edaf7e9dbd70b79868927f2debafc6c\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz\n Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 346450 a68c38540eabb97715893feecb295fb0\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 73856 8afdfac50e3431dbc7330f8b84ecf37b\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 41237528 13b2864e53bea1395ec4ee19a724fc98\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 1525192 cf0e7f1013fa1f88134d288246dfa078\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 9101442 a22e6ec0af97c5b2a2dc2dc71650a863\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 29512754 7e8283f159bbbad2ea5939c78db8bd6a\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb\n Size/MD5: 245384 1ea80079241fe9ce65c39f6768ab842b\n\n\n. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite 5.4.1 for Red Hat\nEnterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64\n\n3. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation\n582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)\n639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)\n639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)\n639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)\n639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)\n639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)\n639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)\n639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)\n642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)\n642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)\n642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)\n642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)\n642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)\n642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component\n642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component\n642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component\n642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component\n642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component\n642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component\n642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component\n642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component\n674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service\n675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)\n676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453)\n676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)\n677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component\n677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component\n677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component\n677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component\n677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component\n677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component\n677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component\n677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component\n677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component\n677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component\n677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component\n\n6. Package List:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm\n\ni386:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. \n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02822093\nVersion: 1\n\nHPSBOV02634 SSRT100390 rev.1 - HP OpenVMS running Java, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential vulnerability has been identified with HP OpenVMS running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). \n\nReferences: CVE-2010-4476\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. \nHP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. \nHP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. \nHP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. \nHP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software tool available to resolve the vulnerability. \n\nThe FPUpdater tool (Floating Point Updater) must be run to update the Java Development Kit (JDK) and/or the Java Runtime Environment (JRE) for Java v 1.4-x, v 5.0-x, and v 6.0-x. \n\nTo download the FPUpdater tool, go to http://h18012.www1.hp.com/java/alpha/fpupdater_index.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43198\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43198/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nRELEASE DATE:\n2011-02-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43198/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43198/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apache Tomcat, which\ncan be exploited by malicious, local users to bypass certain security\nrestrictions and by malicious people to conduct cross-site scripting\nattacks and cause a DoS (Denial of Service). \n\n1) An error due to the \"ServletContect\" attribute improperly being\nrestricted to read-only when running under a SecurityManager can be\nexploited by a malicious web application to use an arbitrary working\ndirectory with read-write privileges. \n\n2) Certain input (e.g. display names) is not properly sanitised in\nthe HTML Manager interface before being returned to the user. \n\n3) An error within the JVM when accessing a page that calls\n\"javax.servlet.ServletRequest.getLocale()\" or\n\"javax.servlet.ServletRequest.getLocales()\" functions can be\nexploited to cause the process to hang via a web request containing\nspecially crafted headers (e.g. \"Accept-Language\"). \n\nThis vulnerability is reported in versions prior to 5.5.33. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor. \n3) Konstantin Preiber\n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-5.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html\n\nKonstantin Preiber:\nhttp://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2011:054\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : March 27, 2011\n Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n \n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351). NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. NOTE: the previous information was\n obtained from the February 2011 CPU. Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450). NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from\n the February 2011 CPU. Oracle has not commented on claims from a\n downstream vendor that this issue is heap corruption related to the\n Verifier and backward jsrs. NOTE: the previous information\n was obtained from the February 2011 CPU. Oracle has not commented on\n claims from a downstream vendor that this issue is related to Features\n set on SchemaFactory not inherited by Validator. NOTE: the previous information\n was obtained from the February 2011 CPU. Oracle has not commented\n on claims from a downstream vendor that this issue is related to the\n exposure of system properties via vectors related to Font.createFont\n and exception text (CVE-2010-4471). NOTE: the previous\n information was obtained from the February 2011 CPU. Oracle has\n not commented on claims from a downstream vendor that this issue\n involves the replacement of the XML DSig Transform or C14N algorithm\n implementations. \n \n IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5\n does not properly verify signatures for JAR files that (1) are\n partially signed or (2) signed by multiple entities, which allows\n remote attackers to trick users into executing code that appears to\n come from a trusted source (CVE-2011-0025). \n \n The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in\n OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\n \n Additionally the java-1.5.0-gcj packages were not rebuilt with the\n shipped version on GCC for 2009.0 and Enterprise Server 5 which\n caused problems while building the java-1.6.0-openjdk updates,\n therefore rebuilt java-1.5.0-gcj packages are being provided with\n this advisory as well. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm \n fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm \n fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f2ec2f80944f1f401154d2fb2c2ad64d 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n e7e183d456383ad562cdb9da84e0f899 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Enterprise Server 5:\n 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 11c7cdc078dcd9cf30e818f4fb4c4e1f mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt\nDHgr6vgcxh6XXAElZkDBIws=\n=7L47\n-----END PGP SIGNATURE-----\n. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent", "sources": [ { "db": "NVD", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "BID", "id": "46091" }, { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99338" }, { "db": "PACKETSTORM", "id": "102374" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" } ], "trust": 3.69 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35304", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4476", "trust": 4.0 }, { "db": "SECUNIA", "id": "43295", "trust": 2.7 }, { "db": "SECTRACK", "id": "1025062", "trust": 2.7 }, { "db": "HITACHI", "id": "HS11-003", "trust": 1.4 }, { "db": "SECUNIA", "id": "43400", "trust": 1.1 }, { "db": "SECUNIA", "id": "43304", "trust": 1.1 }, { "db": "SECUNIA", "id": "45022", "trust": 1.1 }, { "db": "SECUNIA", "id": "43333", "trust": 1.1 }, { "db": "SECUNIA", "id": "43048", "trust": 1.1 }, { "db": "SECUNIA", "id": "44954", "trust": 1.1 }, { "db": "SECUNIA", "id": "45555", "trust": 1.1 }, { "db": "SECUNIA", "id": "43659", "trust": 1.1 }, { "db": "SECUNIA", "id": "43378", "trust": 1.1 }, { "db": "SECUNIA", "id": "43280", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0605", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0422", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0434", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0365", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0377", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0379", "trust": 1.1 }, { "db": "JVN", "id": "JVN26301278", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000017", "trust": 0.8 }, { "db": "JVN", "id": "JVN81294135", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000020", "trust": 0.8 }, { "db": "BID", "id": "46091", "trust": 0.4 }, { "db": "HITACHI", "id": "HS11-009", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-010", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-008", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "35304", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-4476", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106330", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114812", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99338", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102374", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101245", "trust": 0.1 }, { "db": "SECUNIA", "id": "43198", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98186", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99798", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111920", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99338" }, { "db": "PACKETSTORM", "id": "102374" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "id": "VAR-201102-0280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2971645411111111 }, "last_update_date": "2024-09-19T20:11:44.551000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBMU02769 SSRT100846", "trust": 1.6, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" }, { "title": "NV18-002", "trust": 1.6, "url": "http://jpn.nec.com/security-info/secinfo/nv18-002.html" }, { "title": "PM31983", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983" }, { "title": "IZ94423", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423" }, { "title": "1462019", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462019" }, { "title": "Denial of Service Security Exposure", "trust": 0.8, "url": "https://www-304.ibm.com/support/docview.wss?uid=wws11f1aa50037313ea7852578450082883b" }, { "title": "Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8a0fbd8ef02c50b965cd7461fe7f588d" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-3" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-1" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-2" }, { "title": "VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=31eb28d4d81f5dda33b13bdc58dfe8fb" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.6 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://secunia.com/advisories/43295" }, { "trust": 2.7, "url": "http://www.securitytracker.com/id?1025062" }, { "trust": 1.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476" }, { "trust": 1.6, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" }, { "trust": 1.4, "url": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0214.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2161" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0282.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43400" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0422" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0211.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0434" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0213.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43280" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html" }, { "trust": 1.1, "url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715\u0026admit=109447627+1298159618320+28353475" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0365" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43378" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43304" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0379" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0212.html" }, { "trust": 1.1, "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0377" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0210.html" }, { "trust": 1.1, "url": "http://blog.fortify.com/blog/2011/02/08/double-trouble" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43048" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43333" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0334.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0333.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45555" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130514352726432\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:054" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=131041767210772\u0026w=2" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0605" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129960314701922\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43659" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44954" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45022" }, { "trust": 1.1, "url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130270785502599\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497185606818\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497132406206\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129899347607632\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn26301278/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn81294135/index.html" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468884" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469222" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24030795" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008129" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21509635" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21468287" }, { "trust": 0.3, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxfpupdater" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02752210" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03090723\u0026ac.admitted=1321942068127.876444892.492883150" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7009249" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469285" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1003877" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg1oa35932" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029090" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1704.html" }, { "trust": 0.3, "url": "http://java.sun.com" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468728" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032592" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21474615" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029827" }, { "trust": 0.3, "url": "/archive/1/516213" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469074" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100127618" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100128342" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469001" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469261" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468267" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21508061" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02906075" }, { "trust": 0.3, "url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02738573" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21468291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94331" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21469046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469229" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468927" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468987" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0334.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0333.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468915" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468912" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469042" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2566.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2564.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2560.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468521" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008485" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468705" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg400000547" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033364" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032885" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029766" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029768" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029502" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4471" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4472" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1321" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4452" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0706" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/35304/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1079-3/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/46091" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html" }, { "trust": 0.1, "url": "http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173" }, { "trust": 0.1, "url": "https://www.vmware.com/support/pubs/vum_pubs.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2054" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4474" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0786" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4451" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~9.10.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu1~10.04.2.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu1~9.10.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu1~10.04.2_armel.deb" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3550.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3568.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3574.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3556.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4468.html" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3548.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3560.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1321.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3558.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3549.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4462.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3566.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4475.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4473.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3572.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2009-3555.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3573.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3562.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4448.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4467.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4465.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-4466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3565.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3555.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-3553.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0880.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h18012.www1.hp.com/java/alpha/fpupdater_index.html" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0025" }, { "trust": 0.1, "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0025" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0706" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99338" }, { "db": "PACKETSTORM", "id": "102374" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106330" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99338" }, { "db": "PACKETSTORM", "id": "102374" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-17T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2011-02-01T00:00:00", "db": "BID", "id": "46091" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2011-03-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-10-28T14:46:28", "db": "PACKETSTORM", "id": "106330" }, { "date": "2012-07-17T21:49:22", "db": "PACKETSTORM", "id": "114812" }, { "date": "2011-03-15T20:52:58", "db": "PACKETSTORM", "id": "99338" }, { "date": "2011-06-17T12:57:44", "db": "PACKETSTORM", "id": "102374" }, { "date": "2011-02-14T21:33:52", "db": "PACKETSTORM", "id": "98469" }, { "date": "2011-05-09T22:46:47", "db": "PACKETSTORM", "id": "101245" }, { "date": "2011-02-07T01:36:02", "db": "PACKETSTORM", "id": "98186" }, { "date": "2011-03-28T18:56:27", "db": "PACKETSTORM", "id": "99798" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2012-04-17T20:41:11", "db": "PACKETSTORM", "id": "111920" }, { "date": "2011-02-17T19:00:01.900000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "46091" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2018-10-30T16:26:21.390000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM WebSphere Application Server vulnerable to denial-of-service (DoS)", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000017" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 } }
var-201110-0384
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. The vulnerability can be exploited over multiple protocols. This issue affects the 'JAXWS' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2012:0034-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0034.html Issue date: 2012-01-18 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java 6 SR10 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc64.rpm
s390: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm
ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
ppc64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPFx2vXlSAg2UNWIIRAhTiAKC/De/npwAlSJPQ/Grh51Bmxq3M5ACgvw8T hoc/VGW50B8EPSdZ48jR034= =nw0v -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551)
It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)
It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553)
It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)
It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389).
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557). A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0384", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit", "scope": "lte", "trust": 1.8, "vendor": "oracle", "version": "r28.1.4" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.3" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50246" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "NVD", "id": "CVE-2011-3553" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:jrockit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002587" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50246" } ], "trust": 0.3 }, "cve": "CVE-2011-3553", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2011-3553", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3553", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2011-3553", "trust": 0.8, "value": "Low" }, { "author": "VULMON", "id": "CVE-2011-3553", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "NVD", "id": "CVE-2011-3553" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027JAXWS\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-ibm security update\nAdvisory ID: RHSA-2012:0034-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0034.html\nIssue date: 2012-01-18\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 \n CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-3389, CVE-2011-3516,\nCVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547,\nCVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552,\nCVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560,\nCVE-2011-3561)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java 6 SR10 release. All running instances\nof IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nppc:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\n\ns390:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\n\nppc:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nppc64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPFx2vXlSAg2UNWIIRAhTiAKC/De/npwAlSJPQ/Grh51Bmxq3M5ACgvw8T\nhoc/VGW50B8EPSdZ48jR034=\n=nw0v\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in the in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. A\nremote attacker could use this to cause an untrusted application\nor applet to execute arbitrary code by deserializing malicious\ninput. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. This could allow a remote attacker to cause\nan untrusted application or applet to execute arbitrary code with\nthe full privileges of the JVM. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. A remote attacker could cause an untrusted application or applet\nto execute arbitrary code. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. A remote\nattacker could use this cause a denial of service via an application\nor applet crash or possibly execute arbitrary code. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. A remote attacker could potentially\nuse this to gain access to sensitive information. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. (CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. A remote\nattacker could use this to execute code with elevated privileges. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n A flaw was found in the way the SSL 3 and TLS 1.0 protocols used\n block ciphers in cipher-block chaining (CBC) mode. An attacker able\n to perform a chosen plain text attack against a connection mixing\n trusted and untrusted data could use this flaw to recover portions\n of the trusted data sent over the connection (CVE-2011-3389). \n \n Note: This update mitigates the CVE-2011-3389 issue by splitting\n the first application data record byte to a separate SSL/TLS\n protocol record. This mitigation may cause compatibility issues\n with some SSL/TLS implementations and can be disabled using the\n jsse.enableCBCProtection boolean property. This can be done on the\n command line by appending the flag -Djsse.enableCBCProtection=false\n to the java command. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3556). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3557). A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3553" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "BID", "id": "50246" }, { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3553", "trust": 2.9 }, { "db": "BID", "id": "50246", "trust": 1.4 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "OSVDB", "id": "76512", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002587", "trust": 0.8 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3553", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "BID", "id": "50246" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "NVD", "id": "CVE-2011-3553" } ] }, "id": "VAR-201110-0384", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T20:11:38.120000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3553" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/50246" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://osvdb.org/76512" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70840" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14311" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3553" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0034" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "BID", "id": "50246" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "NVD", "id": "CVE-2011-3553" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3553" }, { "db": "BID", "id": "50246" }, { "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "NVD", "id": "CVE-2011-3553" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3553" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50246" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2011-12-05T14:44:00", "db": "PACKETSTORM", "id": "107532" }, { "date": "2011-11-17T02:34:27", "db": "PACKETSTORM", "id": "107051" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "2011-10-19T21:55:01.470000", "db": "NVD", "id": "CVE-2011-3553" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3553" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50246" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002587" }, { "date": "2018-01-06T02:29:20.487000", "db": "NVD", "id": "CVE-2011-3553" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "50246" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002587" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "50246" } ], "trust": 0.3 } }
var-201110-0347
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: 6 Update 27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Xerox FreeFlow Print Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA48308
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48308/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48308
RELEASE DATE: 2012-03-14
DISCUSS ADVISORY: http://secunia.com/advisories/48308/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48308/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48308
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Xerox has acknowledged multiple vulnerabilities in Xerox FreeFlow Print Server, which can be exploited by malicious, local users to gain escalated privileges, bypass certain security restrictions, and cause a DoS (Denial of Service), by malicious users to disclose certain information, and by malicious people to conduct cross-site scripting attacks, hijack a user's session, disclose potentially sensitive information, bypass certain security restrictions, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.
SOLUTION: Apply updates. Please see the vendor's advisory for more details.
ORIGINAL ADVISORY: http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_XRX12-002_v1.1.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0347", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null } ], "sources": [ { "db": "BID", "id": "50229" }, { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "CNNVD", "id": "CNNVD-201110-482" }, { "db": "NVD", "id": "CVE-2011-3516" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002576" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50229" }, { "db": "CNNVD", "id": "CNNVD-201110-482" } ], "trust": 0.9 }, "cve": "CVE-2011-3516", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CVE-2011-3516", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3516", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-3516", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201110-482", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "CNNVD", "id": "CNNVD-201110-482" }, { "db": "NVD", "id": "CVE-2011-3516" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Deployment\u0027 sub-component. \nThis vulnerability affects the following supported versions:\n6 Update 27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nXerox FreeFlow Print Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48308\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48308/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48308\n\nRELEASE DATE:\n2012-03-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48308/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48308/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48308\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nXerox has acknowledged multiple vulnerabilities in Xerox FreeFlow\nPrint Server, which can be exploited by malicious, local users to\ngain escalated privileges, bypass certain security restrictions, and\ncause a DoS (Denial of Service), by malicious users to disclose\ncertain information, and by malicious people to conduct cross-site\nscripting attacks, hijack a user\u0027s session, disclose potentially\nsensitive information, bypass certain security restrictions, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a user\u0027s system. \n\nSOLUTION:\nApply updates. Please see the vendor\u0027s advisory for more details. \n\nORIGINAL ADVISORY:\nhttp://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_XRX12-002_v1.1.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. (CVE-2011-3389,\nCVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,\nCVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 29 and resolve these issues. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3516" }, { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "BID", "id": "50229" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3516", "trust": 3.2 }, { "db": "BID", "id": "50229", "trust": 1.9 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002576", "trust": 0.8 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "18025", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-482", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110783", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "50229" }, { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-482" }, { "db": "NVD", "id": "CVE-2011-3516" } ] }, "id": "VAR-201110-0347", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T13:06:37.760000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002576" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3516" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/50229" }, { "trust": 1.4, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48308" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70851" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14273" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3516" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3516" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18025" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.4, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48308/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48308/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48308" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "BID", "id": "50229" }, { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-482" }, { "db": "NVD", "id": "CVE-2011-3516" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "50229" }, { "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-482" }, { "db": "NVD", "id": "CVE-2011-3516" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50229" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-03-14T05:16:39", "db": "PACKETSTORM", "id": "110783" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-482" }, { "date": "2011-10-19T21:55:01.003000", "db": "NVD", "id": "CVE-2011-3516" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-02T18:10:00", "db": "BID", "id": "50229" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002576" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-482" }, { "date": "2018-01-06T02:29:19.207000", "db": "NVD", "id": "CVE-2011-3516" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-482" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Windows Run on Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002576" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-482" } ], "trust": 0.6 } }
var-201110-0388
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'RMI' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2012:0034-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0034.html Issue date: 2012-01-18 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java 6 SR10 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc64.rpm
s390: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm
ppc: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
ppc64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.ppc64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.s390x.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm java-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm java-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPFx2vXlSAg2UNWIIRAhTiAKC/De/npwAlSJPQ/Grh51Bmxq3M5ACgvw8T hoc/VGW50B8EPSdZ48jR034= =nw0v -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code.
CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389).
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command.
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot (CVE-2011-3558).
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . 6) - x86_64
- These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0388", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.7.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jrockit", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "r28.1.4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "java ibm 31-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50234" }, { "db": "CNNVD", "id": "CNNVD-201110-480" }, { "db": "NVD", "id": "CVE-2011-3557" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-480" } ], "trust": 0.6 }, "cve": "CVE-2011-3557", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-3557", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3557", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201110-480", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3557", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3557" }, { "db": "CNNVD", "id": "CNNVD-201110-480" }, { "db": "NVD", "id": "CVE-2011-3557" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027RMI\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-ibm security update\nAdvisory ID: RHSA-2012:0034-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0034.html\nIssue date: 2012-01-18\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 \n CVE-2011-3557 CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-3389, CVE-2011-3516,\nCVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547,\nCVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552,\nCVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560,\nCVE-2011-3561)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java 6 SR10 release. All running instances\nof IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nppc:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.ppc64.rpm\n\ns390:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\n\nppc:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.i386.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nppc64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.10.0-1jpp.2.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPFx2vXlSAg2UNWIIRAhTiAKC/De/npwAlSJPQ/Grh51Bmxq3M5ACgvw8T\nhoc/VGW50B8EPSdZ48jR034=\n=nw0v\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3552\n\tMalicous Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3554\n\tJAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files. \n\nCVE-2011-3556\n\tThe RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitary code. \n\nCVE-2011-3557\n\tThe RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n A flaw was found in the way the SSL 3 and TLS 1.0 protocols used\n block ciphers in cipher-block chaining (CBC) mode. An attacker able\n to perform a chosen plain text attack against a connection mixing\n trusted and untrusted data could use this flaw to recover portions\n of the trusted data sent over the connection (CVE-2011-3389). \n \n Note: This update mitigates the CVE-2011-3389 issue by splitting\n the first application data record byte to a separate SSL/TLS\n protocol record. This mitigation may cause compatibility issues\n with some SSL/TLS implementations and can be disabled using the\n jsse.enableCBCProtection boolean property. This can be done on the\n command line by appending the flag -Djsse.enableCBCProtection=false\n to the java command. \n \n IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect confidentiality\n via unknown vectors related to HotSpot (CVE-2011-3558). \n \n Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)\n implementation in the IcedTea project Web browser plugin. A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 6) - x86_64\n\n3. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3557" }, { "db": "BID", "id": "50234" }, { "db": "VULMON", "id": "CVE-2011-3557" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3557", "trust": 2.8 }, { "db": "BID", "id": "50234", "trust": 2.0 }, { "db": "SECUNIA", "id": "48915", "trust": 1.1 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "48948", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "OSVDB", "id": "76506", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "NSFOCUS", "id": "18004", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-480", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3557", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3557" }, { "db": "BID", "id": "50234" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-480" }, { "db": "NVD", "id": "CVE-2011-3557" } ] }, "id": "VAR-201110-0388", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T20:49:13.557000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3557" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3557" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.9, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50234" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.1, "url": "http://osvdb.org/76506" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48948" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48915" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70836" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14373" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0508.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18004" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm60958" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0006" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0343.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3557" }, { "db": "BID", "id": "50234" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-480" }, { "db": "NVD", "id": "CVE-2011-3557" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3557" }, { "db": "BID", "id": "50234" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-480" }, { "db": "NVD", "id": "CVE-2011-3557" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3557" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50234" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2011-12-01T21:42:10", "db": "PACKETSTORM", "id": "107455" }, { "date": "2011-12-05T14:44:00", "db": "PACKETSTORM", "id": "107532" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2012-02-29T16:04:30", "db": "PACKETSTORM", "id": "110287" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-480" }, { "date": "2011-10-19T21:55:01.643000", "db": "NVD", "id": "CVE-2011-3557" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3557" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50234" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-480" }, { "date": "2018-01-06T02:29:20.910000", "db": "NVD", "id": "CVE-2011-3557" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-480" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle \u2018 Java Runtime Environment \u0027Component security vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-480" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-480" } ], "trust": 0.6 } }
var-201110-0394
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Networking' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551)
It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)
It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553)
It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)
It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1263-1 CVE-2011-3377, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560
Package Information: https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10 https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2 https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2 https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2 https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2
.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389).
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557). A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3377
Updated Packages:
Mandriva Linux 2010.1: 2881c71d1da084f6c7a136335f5383d6 2010.1/i586/icedtea-web-1.0.6-0.1mdv2010.2.i586.rpm 415d7598363639aecbafd380827b7ab2 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.i586.rpm 27d2d84f2a00e4d18cb68e8c8ecd1626 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.i586.rpm 8b4b727a2139d866d0e88ff720de9b57 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.i586.rpm 8084b3aaeac98db2ddf89913db805725 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.i586.rpm f5c32405224455a5065d85ecbba6f1f2 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.i586.rpm 45fd80b86f46b8e9ca3711c47d4fbb40 2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm 6bbb0d8c0e0ce847b86d9145ca12e211 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 899e54445bf4ad65ea254e835006ce27 2010.1/x86_64/icedtea-web-1.0.6-0.1mdv2010.2.x86_64.rpm 7da63e6b6d83974f32f6580c4de53929 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 859e838ff8583b814f1270c36d0bf248 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 8da61ef538893c8b7766e868e369f400 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 3b56e8612ba71e92e728e3e1a9fef319 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 23eea5b9bf1a2ee3db0ebf0c6927234a 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm 45fd80b86f46b8e9ca3711c47d4fbb40 2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm 6bbb0d8c0e0ce847b86d9145ca12e211 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm
Mandriva Linux 2011: b585d6580568d064d9e99ab2d8898dbb 2011/i586/icedtea-web-1.0.6-0.1-mdv2011.0.i586.rpm 17ea4db995836efdb63f62370adc21f3 2011/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm b5b625dd4b96e479ce532f2d578650bb 2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm 3bc34e225ec9e6b38dd1876a5c5ffe6d 2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm 050f5c111f9e65c0ea06f80e4ffff35d 2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm 3d5eed0e210b9d4e38a6dcd74929f0dd 2011/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm 0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm 128cec9fdd9fd0e0d921341f178be9a1 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm
Mandriva Linux 2011/X86_64: aa77ab19c7746723530e3a696fd4355a 2011/x86_64/icedtea-web-1.0.6-0.1-mdv2011.0.x86_64.rpm 467cc14261ed055450afbf1a2a5fe483 2011/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 2850bfa26b1f992dff3c2c1ac3f1326b 2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 50053850cfdd573a9469aa0b5783cc82 2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 04ba44e392bf335e86fdc2c66d03bdf3 2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 678776c021e19498a6e201c9b0ef6513 2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm 0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm 128cec9fdd9fd0e0d921341f178be9a1 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm
Mandriva Enterprise Server 5: c6af60f8fac7b8fb91a79983e4c68364 mes5/i586/icedtea-web-1.0.6-0.1mdvmes5.2.i586.rpm 00295911ed1610030bd0b39680c2fb20 mes5/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm bdcd904e1e04d57f8205904b84dd5971 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm 960da26357c48af97ca8e9cdb4245692 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm 8cf1ac9ad06eddba1916d8e4e2b3cedf mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm f0a00b845915e25e7b4bc9802914aee4 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm 3860e9d27e8bc15ea72a57deb811c961 mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm b0701aff2a8ffdcc27a6cd7560d0d099 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 765023a21377d664c2ba05e98147dd1b mes5/x86_64/icedtea-web-1.0.6-0.1mdvmes5.2.x86_64.rpm f0b699b476a124eb0a1b2f5187101de9 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm 249ffd15ed12d64798ff39431e402d69 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm d747f2b1361c0a67d4d85824a94d0a69 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm d50d63017beb08a2f23d08138a17c992 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm dd36ff4d9b91a541dfa86bb46288bbe0 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm 3860e9d27e8bc15ea72a57deb811c961 mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm b0701aff2a8ffdcc27a6cd7560d0d099 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64
- Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560)
All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM Java 1.4.2 SR13-FP11 release. All running instances of IBM Java must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm
ppc: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc64.rpm
s390: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.s390.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390.rpm
s390x: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390x.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390x.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm
ia64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ia64.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ia64.rpm
ppc: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc64.rpm
s390x: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390.rpm java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390x.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390x.rpm
x86_64: java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm java-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm java-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPC0nZXlSAg2UNWIIRAv1RAKCl92qrTYYU1hbGCfxx4pg/qqVM2gCcDbOP 1GEavw104zEMlVmzCOrcfx4= =j7JJ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Release Date: 2012-05-15 Last Updated: 2012-05-15
Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information.
References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is providing the following Java updates to resolve the vulnerabilities.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jpi14.JPI14-COM Jpi14.JPI14-COM-DOC Jpi14.JPI14-IPF32 Jpi14.JPI14-PA11 Jdk14.JDK14-COM Jdk14.JDK14-DEMO Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W Jdk14.JDK14-PNV2 Jdk14.JDK14-PWV2 Jre14.JRE14-COM Jre14.JRE14-COM-DOC Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-PNV2 Jre14.JRE14-PNV2-H Jre14.JRE14-PWV2 Jre14.JRE14-PWV2-H action: install revision 1.4.2.28.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0394", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "telelogic license server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational license key server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "rational license key server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "telelogic license server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "telelogic license server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1.2" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "rational license key server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50243" }, { "db": "NVD", "id": "CVE-2011-3547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;br\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;Oracle", "sources": [ { "db": "BID", "id": "50243" } ], "trust": 0.3 }, "cve": "CVE-2011-3547", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3547", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3547", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3547", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3547" }, { "db": "NVD", "id": "CVE-2011-3547" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Networking\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in the in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. A\nremote attacker could use this to cause an untrusted application\nor applet to execute arbitrary code by deserializing malicious\ninput. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. This could allow a remote attacker to cause\nan untrusted application or applet to execute arbitrary code with\nthe full privileges of the JVM. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. A remote attacker could cause an untrusted application or applet\nto execute arbitrary code. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. A remote\nattacker could use this cause a denial of service via an application\nor applet crash or possibly execute arbitrary code. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. A remote attacker could potentially\nuse this to gain access to sensitive information. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. (CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. A remote\nattacker could use this to execute code with elevated privileges. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1263-1\n CVE-2011-3377, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544,\n CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552,\n CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557,\n CVE-2011-3558, CVE-2011-3560\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1\n https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10\n https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2\n https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1\n https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1\n https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2\n https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2\n https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2\n https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2\n\n. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n A flaw was found in the way the SSL 3 and TLS 1.0 protocols used\n block ciphers in cipher-block chaining (CBC) mode. An attacker able\n to perform a chosen plain text attack against a connection mixing\n trusted and untrusted data could use this flaw to recover portions\n of the trusted data sent over the connection (CVE-2011-3389). \n \n Note: This update mitigates the CVE-2011-3389 issue by splitting\n the first application data record byte to a separate SSL/TLS\n protocol record. This mitigation may cause compatibility issues\n with some SSL/TLS implementations and can be disabled using the\n jsse.enableCBCProtection boolean property. This can be done on the\n command line by appending the flag -Djsse.enableCBCProtection=false\n to the java command. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3556). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3557). A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3377\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.1:\n 2881c71d1da084f6c7a136335f5383d6 2010.1/i586/icedtea-web-1.0.6-0.1mdv2010.2.i586.rpm\n 415d7598363639aecbafd380827b7ab2 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.i586.rpm\n 27d2d84f2a00e4d18cb68e8c8ecd1626 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.i586.rpm\n 8b4b727a2139d866d0e88ff720de9b57 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.i586.rpm\n 8084b3aaeac98db2ddf89913db805725 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.i586.rpm\n f5c32405224455a5065d85ecbba6f1f2 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.i586.rpm \n 45fd80b86f46b8e9ca3711c47d4fbb40 2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm\n 6bbb0d8c0e0ce847b86d9145ca12e211 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 899e54445bf4ad65ea254e835006ce27 2010.1/x86_64/icedtea-web-1.0.6-0.1mdv2010.2.x86_64.rpm\n 7da63e6b6d83974f32f6580c4de53929 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm\n 859e838ff8583b814f1270c36d0bf248 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm\n 8da61ef538893c8b7766e868e369f400 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm\n 3b56e8612ba71e92e728e3e1a9fef319 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm\n 23eea5b9bf1a2ee3db0ebf0c6927234a 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdv2010.2.x86_64.rpm \n 45fd80b86f46b8e9ca3711c47d4fbb40 2010.1/SRPMS/icedtea-web-1.0.6-0.1mdv2010.2.src.rpm\n 6bbb0d8c0e0ce847b86d9145ca12e211 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdv2010.2.src.rpm\n\n Mandriva Linux 2011:\n b585d6580568d064d9e99ab2d8898dbb 2011/i586/icedtea-web-1.0.6-0.1-mdv2011.0.i586.rpm\n 17ea4db995836efdb63f62370adc21f3 2011/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm\n b5b625dd4b96e479ce532f2d578650bb 2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm\n 3bc34e225ec9e6b38dd1876a5c5ffe6d 2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm\n 050f5c111f9e65c0ea06f80e4ffff35d 2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm\n 3d5eed0e210b9d4e38a6dcd74929f0dd 2011/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.i586.rpm \n 0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm\n 128cec9fdd9fd0e0d921341f178be9a1 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n aa77ab19c7746723530e3a696fd4355a 2011/x86_64/icedtea-web-1.0.6-0.1-mdv2011.0.x86_64.rpm\n 467cc14261ed055450afbf1a2a5fe483 2011/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm\n 2850bfa26b1f992dff3c2c1ac3f1326b 2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm\n 50053850cfdd573a9469aa0b5783cc82 2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm\n 04ba44e392bf335e86fdc2c66d03bdf3 2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm\n 678776c021e19498a6e201c9b0ef6513 2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1-mdv2011.0.x86_64.rpm \n 0579fb909e08a0f420183284ba7061e9 2011/SRPMS/icedtea-web-1.0.6-0.1.src.rpm\n 128cec9fdd9fd0e0d921341f178be9a1 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1.src.rpm\n\n Mandriva Enterprise Server 5:\n c6af60f8fac7b8fb91a79983e4c68364 mes5/i586/icedtea-web-1.0.6-0.1mdvmes5.2.i586.rpm\n 00295911ed1610030bd0b39680c2fb20 mes5/i586/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm\n bdcd904e1e04d57f8205904b84dd5971 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm\n 960da26357c48af97ca8e9cdb4245692 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm\n 8cf1ac9ad06eddba1916d8e4e2b3cedf mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm\n f0a00b845915e25e7b4bc9802914aee4 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.i586.rpm \n 3860e9d27e8bc15ea72a57deb811c961 mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm\n b0701aff2a8ffdcc27a6cd7560d0d099 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 765023a21377d664c2ba05e98147dd1b mes5/x86_64/icedtea-web-1.0.6-0.1mdvmes5.2.x86_64.rpm\n f0b699b476a124eb0a1b2f5187101de9 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm\n 249ffd15ed12d64798ff39431e402d69 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm\n d747f2b1361c0a67d4d85824a94d0a69 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm\n d50d63017beb08a2f23d08138a17c992 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm\n dd36ff4d9b91a541dfa86bb46288bbe0 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-24.b22.1mdvmes5.2.x86_64.rpm \n 3860e9d27e8bc15ea72a57deb811c961 mes5/SRPMS/icedtea-web-1.0.6-0.1mdvmes5.2.src.rpm\n b0701aff2a8ffdcc27a6cd7560d0d099 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-24.b22.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64\n\n3. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-3389, CVE-2011-3545,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM Java 1.4.2 SR13-FP11 release. All running\ninstances of IBM Java must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm\n\nia64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm\n\nppc:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ppc64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ppc64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.ppc64.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ppc64.rpm\n\ns390:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.s390.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390.rpm\n\ns390x:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.s390x.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.s390x.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.s390x.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.s390x.rpm\n\nx86_64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm\n\nx86_64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm\n\nia64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm\n\nx86_64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el4.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.i386.rpm\n\nia64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.ia64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.ia64.rpm\n\nx86_64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm\n\nia64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ia64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ia64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ia64.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ia64.rpm\n\nppc:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.ppc64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.ppc64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.ppc64.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.ppc64.rpm\n\ns390x:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390.rpm\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.s390x.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.s390x.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.s390x.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.s390.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-demo-1.4.2.13.11-1jpp.1.el5.x86_64.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-devel-1.4.2.13.11-1jpp.1.el5.x86_64.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-javacomm-1.4.2.13.11-1jpp.1.el5.x86_64.rpm\njava-1.4.2-ibm-jdbc-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-plugin-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.i386.rpm\njava-1.4.2-ibm-src-1.4.2.13.11-1jpp.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPC0nZXlSAg2UNWIIRAv1RAKCl92qrTYYU1hbGCfxx4pg/qqVM2gCcDbOP\n1GEavw104zEMlVmzCOrcfx4=\n=j7JJ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2012-05-15\nLast Updated: 2012-05-15\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of service, unauthorized\nmodification and disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities may allow remote Denial of Service (DoS), unauthorized\nmodification and disclosure of information. \n\nReferences: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462,\nCVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476,\nCVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864,\nCVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502,\nCVE-2012-0503, CVE-2012-0505, CVE-2012-0506\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is providing the following Java updates to resolve the vulnerabilities. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant:\nHP-UX Software Assistant is an enhanced application that replaces HP-UX\nSecurity Patch Check. It analyzes all HP-issued Security Bulletins and lists\nrecommended actions that may apply to a specific HP-UX system. It can also\ndownload patches and create a depot automatically. For more information see:\nhttps://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJpi14.JPI14-COM\nJpi14.JPI14-COM-DOC\nJpi14.JPI14-IPF32\nJpi14.JPI14-PA11\nJdk14.JDK14-COM\nJdk14.JDK14-DEMO\nJdk14.JDK14-IPF32\nJdk14.JDK14-IPF64\nJdk14.JDK14-PA11\nJdk14.JDK14-PA20\nJdk14.JDK14-PA20W\nJdk14.JDK14-PNV2\nJdk14.JDK14-PWV2\nJre14.JRE14-COM\nJre14.JRE14-COM-DOC\nJre14.JRE14-IPF32\nJre14.JRE14-IPF32-HS\nJre14.JRE14-IPF64\nJre14.JRE14-IPF64-HS\nJre14.JRE14-PA11\nJre14.JRE14-PA11-HS\nJre14.JRE14-PA20\nJre14.JRE14-PA20-HS\nJre14.JRE14-PA20W\nJre14.JRE14-PA20W-HS\nJre14.JRE14-PNV2\nJre14.JRE14-PNV2-H\nJre14.JRE14-PWV2\nJre14.JRE14-PWV2-H\naction: install revision 1.4.2.28.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3547" }, { "db": "BID", "id": "50243" }, { "db": "VULMON", "id": "CVE-2011-3547" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "112826" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3547", "trust": 2.3 }, { "db": "BID", "id": "50243", "trust": 1.4 }, { "db": "OSVDB", "id": "76511", "trust": 1.1 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3547", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3547" }, { "db": "BID", "id": "50243" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3547" } ] }, "id": "VAR-201110-0394", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T21:24:44.562000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.5.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20111478 - Security Advisory" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3547" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3547" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/50243" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://osvdb.org/76511" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70846" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14339" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21579415" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.hp.com/go/java" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0006" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3547" }, { "db": "BID", "id": "50243" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3547" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3547" }, { "db": "BID", "id": "50243" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3547" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3547" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50243" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2011-12-01T21:42:10", "db": "PACKETSTORM", "id": "107455" }, { "date": "2011-12-05T14:44:00", "db": "PACKETSTORM", "id": "107532" }, { "date": "2011-11-17T02:34:27", "db": "PACKETSTORM", "id": "107051" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2012-04-06T02:42:03", "db": "PACKETSTORM", "id": "111633" }, { "date": "2012-01-09T22:38:38", "db": "PACKETSTORM", "id": "108498" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2011-10-19T21:55:01.237000", "db": "NVD", "id": "CVE-2011-3547" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2011-3547" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50243" }, { "date": "2022-05-13T14:52:52.973000", "db": "NVD", "id": "CVE-2011-3547" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "112826" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability", "sources": [ { "db": "BID", "id": "50243" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "50243" } ], "trust": 0.3 } }
var-201110-0352
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deserialization' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code.
CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.10-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 6b23~pre11-1.
We recommend that you upgrade your openjdk-6 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0352", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.5.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "java runtime", "scope": null, "trust": 0.7, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "BID", "id": "50215" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "CNNVD", "id": "CNNVD-201110-489" }, { "db": "NVD", "id": "CVE-2011-3521" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002577" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50215" }, { "db": "CNNVD", "id": "CNNVD-201110-489" } ], "trust": 0.9 }, "cve": "CVE-2011-3521", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-3521", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3521", "impactScore": 8.5, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3521", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-3521", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2011-3521", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201110-489", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2011-3521", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "CNNVD", "id": "CNNVD-201110-489" }, { "db": "NVD", "id": "CVE-2011-3521" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Deserialization\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. \n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges. \n\nCVE-2011-3544\n\tThe Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3548\n\tThe java.awt.AWTKeyStroke class contains a flaw which allows\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3552\n\tMalicous Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3554\n\tJAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files. \n\nCVE-2011-3556\n\tThe RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitary code. \n\nCVE-2011-3557\n\tThe RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.10-0+squeeze1. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 6b23~pre11-1. \n\nWe recommend that you upgrade your openjdk-6 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3521" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "BID", "id": "50215" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 3.42 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3521", "trust": 4.3 }, { "db": "BID", "id": "50215", "trust": 2.0 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-11-306", "trust": 1.0 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002577", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1253", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "17991", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-489", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "BID", "id": "50215" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-489" }, { "db": "NVD", "id": "CVE-2011-3521" } ] }, "id": "VAR-201110-0352", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-15T21:02:26.480000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 1.5, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "Java-Deserialization-CVEs", "trust": 0.1, "url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs " } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3521" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50215" }, { "trust": 1.4, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70850" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13662" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/17991" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-306/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.hp.com/go/java" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0034" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "BID", "id": "50215" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-489" }, { "db": "NVD", "id": "CVE-2011-3521" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-11-306" }, { "db": "VULMON", "id": "CVE-2011-3521" }, { "db": "BID", "id": "50215" }, { "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-489" }, { "db": "NVD", "id": "CVE-2011-3521" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-26T00:00:00", "db": "ZDI", "id": "ZDI-11-306" }, { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3521" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50215" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2011-12-01T21:42:10", "db": "PACKETSTORM", "id": "107455" }, { "date": "2012-04-06T02:42:03", "db": "PACKETSTORM", "id": "111633" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-489" }, { "date": "2011-10-19T21:55:01.050000", "db": "NVD", "id": "CVE-2011-3521" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-26T00:00:00", "db": "ZDI", "id": "ZDI-11-306" }, { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3521" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50215" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002577" }, { "date": "2011-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-489" }, { "date": "2018-01-06T02:29:19.317000", "db": "NVD", "id": "CVE-2011-3521" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-489" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002577" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-489" } ], "trust": 0.6 } }
var-201109-0130
Vulnerability from variot
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. SSL Protocol and TLS The protocol includes CBC There are vulnerabilities that are subject to selective plaintext attacks in mode. SSL Protocol and TLS Protocol is CBC Initialization vector when operating in mode (IV) There is a problem in the determination method, and there is a vulnerability that is subject to selective plaintext attacks. Attack methods using this vulnerability have been released.Encrypted communication is a man-in-the-middle attack (man-in-the-middle attack) If they are intercepted by you, their content may be decrypted. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. ----------------------------------------------------------------------
SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs:
http://secunia.com/resources/events/sc_2011/
TITLE: IBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness
SECUNIA ADVISORY ID: SA46791
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46791
RELEASE DATE: 2011-11-11
DISCUSS ADVISORY: http://secunia.com/advisories/46791/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46791/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46791
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness has been reported in IBM Lotus Domino, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
For more information: SA46168
The vulnerability is reported in versions 8.0, 8.5, 8.5.1, 8.5.2, and 8.5.3.
SOLUTION: As a workaround enable RC4 encryption (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Thai Duong and Juliano Rizzo
ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21568229
IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/70069
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940).
A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).
A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer (CVE-2012-0845).
Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876).
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150).
The updated packages have been patched to correct these issues. The verification of md5 checksums and GPG signatures is performed automatically for you.
CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code.
CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.10-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 6b23~pre11-1.
Details:
\x95Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs
Path Traversal vulnerability in VPLEX GUI \x96 CVE-2014-0632 CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
VPLEX GUI Session Timeout validity vulnerability \x96 CVE-2014-0633 CVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C)
Missing HttpOnly attribute vulnerability \x96 CVE-2014-0634 CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Session Fixation vulnerability \x96 CVE-2014-0635 CVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)
BEAST Attack \x96 CVE-2011-3389 CVSS v2 Base Score: See NVD advisory for the CVSS score.
\x95Multiple Embedded Component Vulnerabilities
Multiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed: Kernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136 perl: CVE-2002-2443 krb5: CVE-2013-1667 bind packages: CVE-2012-5166 CVSS v2 Base Score: See NVD advisory for the individual CVSS scores.
Remote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814 CVSS v2 Base Score: See NVD advisory for the CVSS score.
Multiple vulnerabilities in Oracle Java and Apache Tomcat: This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache tomcat has been upgraded to 6.0.36. Please refer the following links for more information: Java: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Tomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 CVSS v2 Base Score: See vendor advisory for the individual CVSS scores.
Resolution:
EMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity.
Link to remedies:
Customers can download the software from Support Zone.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.
A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. To implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier.
For more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2013-039: RSA BSAFE\xae SSL-J Multiple Vulnerabilities
EMC Identifier: ESA-2013-039
CVE Identifier: CVE-2011-3389, CVE-2013-0169
Severity Rating: CVSS v2 Base Score: Refer NVD (http://nvd.nist.gov/) for individual scores for each CVE
Affected Products:
All versions of RSA BSAFE SSL-J except for 6.0.1 and 5.1.2
Unaffected Products:
RSA BSAFE SSL-J 6.0.1 and 5.1.2 (newly released)
Summary:
RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks (CVE-2011-3389) and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks (CVE-2013-0169).
Details:
BEAST
There is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.
The BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.
Lucky Thirteen
Researchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS. The \x93Lucky Thirteen\x94 attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Details of this attack can be found at: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Recommendation:
RSA recommends that customers on RSA BSAFE SSL-J 5.1.x or lower upgrade to RSA BSAFE SSL-J 5.1.2. RSA recommends that customers on RSA BSAFE SSL-J 6.0 upgrade to RSA BSAFE SSL-J 6.0.1.
To address BEAST, RSA introduce a new feature called first block splitting to RSA BSAFE SSL-J 6.0.1 and 5.1.2. First block splitting is designed to prevent the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows:
\x951. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest. \x952. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block. \x953. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own. For RSA BSAFE SSL-J 6.0.1 and 5.1.2, first block splitting is engineered to be enabled by default for vulnerable cipher suites, making the application secure by default. If required, the application can disable first block splitting by setting the system property jsse.enableCBCProtection:
\x95 Using the following Java code:
System.setProperty("jsse.enableCBCProtection", "false");
OR
\x95 On the Java command line, passing the following argument:
-Djsse.enableCBCProtection=\x94false\x94
For more information about setting security properties, see section System and Security Properties in the RSA BSAFE SSL-J Developer Guide.
The best way to help prevent the BEAST attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.
A second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.
To address Lucky Thirteen, RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain a patch that is designed to help ensure that MAC checking is time invariant in servers.
Customers can also protect against the Lucky Thirteen attack by disabling CBC mode cipher suites on clients and servers. Cipher suites that use RC4 and, if TLS 1.2 is available, AES-GCM can be used.
Obtaining Downloads:
To request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.rsa.com/node.aspx?id=1356 ) for most expedient service. You may also request your software upgrade online at http://www.rsa.com/go/form_ins.asp .
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.
Severity Rating:
For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Obtaining More Information:
For more information about RSA products, visit the RSA web site at http://www.rsa.com.
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information:
http://www.rsa.com/node.aspx?id=1264
RSA SecurCare Online:
https://knowledge.rsasecurity.com
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.rsa.com/node.aspx?id=2575
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.
Sincerely,
RSA Customer Support
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin)
iEYEARECAAYFAlHBwyMACgkQtjd2rKp+ALwI0gCbBNOxiDjCZzTl293lMa53Yy2r pcsAn2UpV1x8Zg4031kyOrW5LfV2vner =W+qW -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0130", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "web server", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "02-03" }, { "model": "web server 02-04-/a", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-01" }, { "model": "web server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "02-02" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.2" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "internet explorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "curl", "scope": "gte", "trust": 1.0, "vendor": "haxx", "version": "7.10.6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "simatic rf68xr", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": null }, { "model": "simatic rf615r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 1.0, "vendor": "google", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "11.10" }, { "model": "curl", "scope": "lte", "trust": 1.0, "vendor": "haxx", "version": "7.23.1" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "windows", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "browser", "scope": "eq", "trust": 1.0, "vendor": "opera", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "11.04" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "5.0" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "web server 01-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "web server 01-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus operator for service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk .0 4", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus operator for service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "web server 01-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "google", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard edition version 4" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4 (ruby)" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "firefox", "scope": null, "trust": 0.8, "vendor": "mozilla", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for service platform" }, { "model": "iplanet web proxy server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "4.0" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x64) sp1 before" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.3 (curl)" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.0 to 4.3.5 (iphone 3gs iphone 4)" }, { "model": "ruggedcom win5100", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "all versions" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v2.1" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2 (java)" }, { "model": "windows xp", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "sp3 sp3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.9" }, { "model": "windows vista", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x64) sp2" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "windows server 2003", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "sp2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.8.5 (secure transport)" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "opera", "scope": null, "trust": 0.8, "vendor": "opera asa", "version": null }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2.0.3" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterpriseaccessmanager version 3.x to 6.x" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x86) sp2" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprisedirectoryserver/rdb cooperation system all versions" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.1.2.0" }, { "model": "mac os x", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(cfnetwork ssl python)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard edition version 4" }, { "model": "hyperion", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "essbase 11.1.2.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2(itanium) sp2" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security all versions" }, { "model": "xcode", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "4.4" }, { "model": "ruggedcom win5100", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "software v4.4" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8 (apache)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.2 (apache)" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ruggedcom win7200", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "all versions" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2(x64) sp2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2 (java)" }, { "model": "xcode", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(os x v10.7.4 and later )" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8 (apache)" }, { "model": "ruggedcom win5200", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "all versions" }, { "model": "ruggedcom win7200", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "software v4.4" }, { "model": "ruggedcom win7000", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "all versions" }, { "model": "internet explorer", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.2 (apache)" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "accesscontrolserver version 3.x to 6.x" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.4 (ruby)" }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "ruggedcom win7000", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "software v4.4" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.1.3" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x64) sp2" }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "hp system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "java system web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1.0.7" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "windows vista", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "sp2" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(itanium) sp2" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x32) sp1 before" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.3 (curl)" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2.0.2" }, { "model": "windows server 2003", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(itanium) sp2" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "windows xp", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x64) sp2" }, { "model": "hyperion", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "essbase 11.1.2.3" }, { "model": "tv", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "4.0 to 4.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "accesscontrolplugin version 3.x to 6.x" }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.1 to 4.3.5 (ipod touch first 3 after generation )" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.2 to 4.3.5 (ipad)" }, { "model": "ruggedcom win5200", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "software v4.4" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "chrome", "scope": null, "trust": 0.8, "vendor": "google", "version": null }, { "model": "windows server 2003", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(x64) sp2" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "ucosminexus operator for service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "web server 02-04-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus http server windows", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "03-00" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "01-02" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre .0 02", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus http server windows", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-10" }, { "model": "windows server sp1", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2003x64" }, { "model": "web server linux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "04-00" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "web server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-04" }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "windows server sp2", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2003x64" }, { "model": "ucosminexus operator for service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "windows xp home sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x640" }, { "model": "software opera web browser beta1", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.50" }, { "model": "fusion middleware 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "111.1.17" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.80" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "11.11" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.2" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser b", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.53" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "windows xp professional edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.2" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.14.1" }, { "model": "windows server for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "11.50" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.63" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.70" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "windows xp tablet pc edition sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista business 64-bit edition x64-enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "power systems 350.c0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.127" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.225" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.219" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.30" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.15.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.20" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.2.1" }, { "model": "power systems 350.b1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01(x64)" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "windows server standard edition gold itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "flex system imm2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.00" }, { "model": "windows server r2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows xp media center edition sp3", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2005" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.51" }, { "model": "meeting exchange web conferencing server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "-0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "windows server r2 web edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.2" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "windows xp home sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista home basic sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.200" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java sdk sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "vplex geosynchrony sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "5.2" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "forms and reports 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "211.1.2.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.00" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.22" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.303" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008x640" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "software opera web browser 1win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.0" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "flex system imm2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.00" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.211" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.104" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.51" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-03" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.21.6" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus developer\u0027s kit for java (windows(x8", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "software opera web browser", "scope": "ne", "trust": 0.3, "vendor": "opera", "version": "11.51" }, { "model": "cosminexus developer\u0027s kit for java", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-06" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14" }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.54" }, { "model": "windows server sp2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-x64" }, { "model": "system networking ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.51" }, { "model": "windows server gold standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "773.10" }, { "model": "windows server r2 standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.40" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "firefox beta1", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "windows vista business", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.17" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.11.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "windows server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.10" }, { "model": "windows server standard edition gold web", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "windows server itanium sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "windows xp home sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.12" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "software opera web browser beta2", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.50" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.17" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "windows vista ultimate 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "11.00" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.60" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.25" }, { "model": "windows home premium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7-x32" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "windows server gold compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.02" }, { "model": "rsa bsafe micro edition suite", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "4.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.19" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "windows server standard edition gold datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "access manager sp2", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "windows vista home premium sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.24" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.65" }, { "model": "windows vista home premium 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.15" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.60" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.12.3" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.19" }, { "model": "windows server sp1 platform sdk", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "software opera web browser beta1", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.10" }, { "model": "windows server enterprise edition itanium sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.00" }, { "model": "windows server sp2 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.100" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "windows server r2 x64-datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "cosminexus http server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "windows server enterprise edition itanium sp2 itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows vista business 64-bit edition x64-ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows xp professional edition sp3", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "windows rc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "callpilot", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "windows vista home premium", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "9.0" }, { "model": "vplex geosynchrony", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-10" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "control patch", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "7.1.01" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.133" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.13.2" }, { "model": "access manager sp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "software opera web browser", "scope": "ne", "trust": 0.3, "vendor": "opera", "version": "11.60" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.20" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-060" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.101" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.14" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.52" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "meeting exchange recording server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "-0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.52" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "windows server web edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "windows server r2 enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "rsa bsafe ssl-c", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "2.8.6" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "simatic rf68xr", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.2.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "windows server standard edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "windows server standard edition sp2 web", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "211.2.0.3" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.5" }, { "model": "windows server terminal services", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.54" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.84" }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "windows vista home premium 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "windows vista business 64-bit edition x86-ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "windows server gold datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.53" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "windows server r2 enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.70" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.20.2" }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.100" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "windows server datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.105" }, { "model": "windows server r2 datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.306" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.64" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "windows server sp1 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.13" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-02" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "software opera web browser win32 beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.01" }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.222" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.107" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-01" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "software opera web browser linux", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.217" }, { "model": "windows vista business 64-bit edition x86-enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.40" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "windows server gold x64-datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.22" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "web server security enhancement", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.77" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "windows server for itanium-based systems r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "rsa bsafe ssl-j", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.0" }, { "model": "windows server for itanium-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.112" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "cosminexus developer\u0027s kit for java (windows(x8", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-06" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.215" }, { "model": "meeting exchange client registration server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "-0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.57" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.31" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.18" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "windows server enterprise edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-05" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.81" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.11.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.215" }, { "model": "windows server r2 standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "software opera web browser j", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.11" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.302" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.19.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "windows vista business 64-bit edition sp1 x86-enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "power systems 350.b0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.13" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "211.2.0.2" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.20" }, { "model": "windows vista edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.00" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.68" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.30" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.549.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.50" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.207" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.80" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "flex system cmm 1.40.2q", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.06" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.1" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer\u0027s kit for java (windows(x6", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "tv", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "4.4" }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.223" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.23" }, { "model": "windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "software opera web browser linux", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.3" }, { "model": "windows server r2 datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13" }, { "model": "windows server gold x64-enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "windows server enterprise edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "773.00" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.128" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.15" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "software opera web browser beta build", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.2012981" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.222" }, { "model": "windows server for x64-based systems r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "windows server datacenter edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "windows server r2 datacenter sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9" }, { "model": "windows xp tablet pc edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-05" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.53" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "windows server r2 itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "windows xp professional sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "collax", "version": "5.5.11" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.72" }, { "model": "windows server standard edition sp2 hpc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.1" }, { "model": "glassfish enterprise server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.1.1" }, { "model": "windows vista ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.20" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.01" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.20" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.61" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.90" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "windows server gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.53" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.10.8" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.20.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.71" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.220" }, { "model": "java ibm 31-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.16.4" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "rsa bsafe ssl-c", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "2.8.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "cosminexus http server windows", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.00" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.102" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows vista business 64-bit edition sp1 x64-enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser linux", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.10" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.16" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "software opera web browser beta1", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.60" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.5" }, { "model": "ucosminexus service platform aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(64)" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-03(x64)" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "software opera web browser beta1", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.20" }, { "model": "power systems 350.d0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.224" }, { "model": "business server", "scope": "ne", "trust": 0.3, "vendor": "collax", "version": "5.5.12" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.61" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.308" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.10.6" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "windows server datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "cosminexus http server", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-13" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.12" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.54" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser .6win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.221" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.201" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.2" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "windows server standard edition r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.62" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.237" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "windows vista business 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "773.02" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.31" }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows vista home premium 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows xp embedded sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server datacenter edition itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 91.d2.32", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "windows vista business 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.1" }, { "model": "windows vista enterprise 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server sp1 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange streaming server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "-0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rsa bsafe micro edition suite", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "3.2.6" }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "groupware suite", "scope": "eq", "trust": 0.3, "vendor": "collax", "version": "5.5.11" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.213" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.15" }, { "model": "windows server standard edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.40" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.70" }, { "model": "windows vista ultimate 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "jre 1.5.0 09-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "system integrated management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2" }, { "model": "windows vista enterprise 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rsa bsafe ssl-j", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "5.1.1" }, { "model": "windows server web edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.218" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.14" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.21" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "windows for itanium-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.45" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "software opera web browser mac", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.216" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "4.0" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.19" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server enterprise edition itanium sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server gold enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows vista sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.1" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "fusion middleware 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "111.1.16" }, { "model": "windows vista business 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.23.1" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "vplex geosynchrony", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "5.2.1" }, { "model": "software opera web browser b", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.11" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "windows xp media center edition sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.16" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.01" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.12" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows server enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "windows xp media center edition", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "software opera web browser beta2", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.00" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.17" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.15.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.11" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "bladecenter advanced management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "java sdk sr13 fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.50" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "windows server gold storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.02" }, { "model": "windows xp mode", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.0" }, { "model": "windows vista home premium sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.310" }, { "model": "cosminexus developer\u0027s kit for java (windows(x6", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-06" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.62" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-10-01" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.1" }, { "model": "windows server r2 sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008x64" }, { "model": "callpilot", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.11" }, { "model": "windows vista home basic 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "windows server standard edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.202" }, { "model": "windows vista business sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server standard edition gold hpc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows server gold x64-standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-05" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.10" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.15.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.30" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.186" }, { "model": "windows server sp2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "windows vista enterprise sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.219" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.94" }, { "model": "cosminexus http server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008x64" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.80" }, { "model": "ucosminexus service platform hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "freeflow print server 73.c5.11", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "rsa bsafe ssl-j", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.0.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.50" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.02" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.52" }, { "model": "windows xp tablet pc edition", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows professional", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.204" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.0" }, { "model": "tls", "scope": "eq", "trust": 0.3, "vendor": "ietf", "version": "1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.301" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.90" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.00" }, { "model": "rsa bsafe ssl-j", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "5.1.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.112" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.51" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "firefox beta", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.62" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "windows server itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "control", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "7.1.0" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "web server )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-04" }, { "model": "cosminexus http server linux", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-12" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "flex system cmm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.00" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "4.0.3" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.52" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "11.01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "web server 01-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "http server 12c", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.2" }, { "model": "windows server r2 x64-enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "windows server gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.15" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "windows xp embedded sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.60" }, { "model": "windows vista ultimate 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server datacenter edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "windows server r2 enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "windows xp professional", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.300" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "software opera web browser beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.50" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.51" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.3" }, { "model": "windows home premium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.46" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "windows vista sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.15.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.22" }, { "model": "windows server r2 enterprise edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.205" }, { "model": "windows xp media center edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows starter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.204" }, { "model": "cosminexus http server hp-ux", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-13" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "11.10" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "windows server sp2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server standard edition gold standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows vista home basic sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.103" }, { "model": "windows server standard edition sp2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.18.1" }, { "model": "web server 02-04-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.71" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "windows server standard edition r2 sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "meeting exchange webportal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "-6.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.91" }, { "model": "software opera web browser beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.601" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web server solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "windows server r2 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.210" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "windows vista ultimate sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.227" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.309" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.214" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.19.4" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.224" }, { "model": "ucosminexus service platform linux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(x64)" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.11" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "windows server standard edition gold storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.52" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.8" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.163" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.304" }, { "model": "windows vista enterprise sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.11" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.305" }, { "model": "windows xp professional sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.60" }, { "model": "windows server r2 datacenter edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.13.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.16" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.50" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.2.4" }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.00" }, { "model": "stenberg curl", "scope": "ne", "trust": 0.3, "vendor": "daniel", "version": "7.24.0" }, { "model": "windows server r2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "windows vista home basic 64-bit edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.10" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.50" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0.1" }, { "model": "windows vista enterprise 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.203" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows server enterprise edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "windows vista home basic", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista business 64-bit edition sp1 x86-ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "web server aix", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "freeflow print server 81.d0.73", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.208" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "windows server enterprise edition itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "software opera web browser beta3", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "windows server standard edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.12" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "simatic rf615r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.2.1" }, { "model": "windows vista edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "windows server gold itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "windows vista business 64-bit edition sp1 x64-ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.209" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.226" }, { "model": "windows server standard edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "windows server enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "windows server r2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power systems 350.a0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "simatic rf68xr", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "windows vista business 64-bit edition sp1 x64-home premium", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.9" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "8.0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "windows server standard edition gold enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "4.0.2" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.27" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "windows server r2 sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "windows xp tablet pc edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.18" }, { "model": "networks matrixssl", "scope": "ne", "trust": 0.3, "vendor": "peersec", "version": "3.2.2" }, { "model": "windows server standard edition gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows server r2 platfom sdk", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows vista ultimate sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-02" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "secure sockets layer", "scope": "eq", "trust": 0.3, "vendor": "ietf", "version": "3.0" }, { "model": "windows ultimate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "windows server standard edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "rsa bsafe micro edition suite", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.2.5" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.23" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "windows server r2 standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.60" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "windows vista home basic 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "connect build", "scope": "eq", "trust": 0.3, "vendor": "kerio", "version": "7.1.42985" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.10" }, { "model": "web server 02-04-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.19.6" }, { "model": "windows server datacenter edition itanium sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "simatic rf68xr", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.2" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "cosminexus http server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.6" }, { "model": "windows xp home", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.10" }, { "model": "windows server web edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser 3win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.0" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "firefox beta", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.63" }, { "model": "software opera web browser 2win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "windows server itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "8.01" }, { "model": "windows xp service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "30" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 82.d1.44", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "communication server telephony manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "10003.0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-10-09" }, { "model": "windows server r2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server sp2 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "cosminexus developer\u0027s kit for java", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.4" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.21" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.223" }, { "model": "connect", "scope": "ne", "trust": 0.3, "vendor": "kerio", "version": "8.1" }, { "model": "web server hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-04" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "simatic rf615r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.20" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.63" }, { "model": "windows xp professional edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "windows home premium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7-x64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.14" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "groupware suite", "scope": "ne", "trust": 0.3, "vendor": "collax", "version": "5.5.12" }, { "model": "windows xp professional sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sdk .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "windows vista home basic 64-bit edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.12" }, { "model": "windows server enterprise edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "flex system integrated management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.41" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.12.2" }, { "model": "windows vista home basic 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cosminexus", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "networks matrixssl", "scope": "eq", "trust": 0.3, "vendor": "peersec", "version": "3.2.1" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "vplex geosynchrony", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "5.3" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.16.3" }, { "model": "windows server r2 itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.51" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.11" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.212" }, { "model": "cosminexus http server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.206" }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "cosminexus http server windows", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-00-12" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web server windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "freeflow print server 93.e0.21c", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.10" }, { "model": "simatic rf615r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "cosminexus http server linux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "windows server r2 x64-standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.43" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.26" }, { "model": "software opera web browser win32 beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.02" }, { "model": "access manager sp3", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "ucosminexus developer hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.221" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.307" }, { "model": "windows xp", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server datacenter edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.21" }, { "model": "software opera web browser win32", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.2" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.12.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus http server linux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "software opera web browser linux", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "5.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.40" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.19.5" }, { "model": "software opera web browser beta", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.201" }, { "model": "stenberg curl", "scope": "eq", "trust": 0.3, "vendor": "daniel", "version": "7.21.7" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "9.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.550.0" }, { "model": "windows vista enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ucosminexus service platform windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00(x64)" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "software opera web browser linux", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "6.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "windows server sp2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10.61" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "760.20" }, { "model": "windows xp media center edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "communication server telephony manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "10004.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "730.91" }, { "model": "xcode", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "4.4" }, { "model": "freeflow print server 73.d2.33", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "database 11g release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "111.1.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.205" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "windows server datacenter edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "windows server web edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#864643" }, { "db": "BID", "id": "49778" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:google:chrome", "vulnerable": true }, { "cpe22Uri": "cpe:/a:mozilla:firefox", "vulnerable": true }, { "cpe22Uri": "cpe:/a:opera:opera_browser", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:xcode", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:java_system_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:database_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:fusion_middleware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:hyperion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_proxy_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:ruggedcom_win5100", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:ruggedcom_win5200", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:ruggedcom_win7000", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:ruggedcom_win7200", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:system_management_homepage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:internet_explorer", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_7", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_server_2003", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_server_2008", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_vista", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_xp", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:websam_assetsuite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:websam_securemaster", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002305" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Thai Duong and Juliano Rizzo, Wendy Parrington from United Utilities.", "sources": [ { "db": "BID", "id": "49778" } ], "trust": 0.3 }, "cve": "CVE-2011-3389", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-3389", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3389", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#864643", "trust": 0.8, "value": "3.38" }, { "author": "NVD", "id": "CVE-2011-3389", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2011-3389", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#864643" }, { "db": "VULMON", "id": "CVE-2011-3389" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack. A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. SSL Protocol and TLS The protocol includes CBC There are vulnerabilities that are subject to selective plaintext attacks in mode. SSL Protocol and TLS Protocol is CBC Initialization vector when operating in mode (IV) There is a problem in the determination method, and there is a vulnerability that is subject to selective plaintext attacks. Attack methods using this vulnerability have been released.Encrypted communication is a man-in-the-middle attack (man-in-the-middle attack) If they are intercepted by you, their content may be decrypted. This will result in a false sense of security, and potentially result in the disclosure of sensitive information. ----------------------------------------------------------------------\n\nSC World Congress, New York, USA, 16 November 2011\nVisit the Secunia booth (#203) and discover how you can improve your handling of third party programs:\n\nhttp://secunia.com/resources/events/sc_2011/ \n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness\n\nSECUNIA ADVISORY ID:\nSA46791\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46791/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791\n\nRELEASE DATE:\n2011-11-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46791/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46791/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness has been reported in IBM Lotus Domino, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and hijack a user\u0027s session. \n\nFor more information:\nSA46168\n\nThe vulnerability is reported in versions 8.0, 8.5, 8.5.1, 8.5.2, and\n8.5.3. \n\nSOLUTION:\nAs a workaround enable RC4 encryption (please see the vendor\u0027s\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThai Duong and Juliano Rizzo\n\nORIGINAL ADVISORY:\nIBM:\nhttp://www.ibm.com/support/docview.wss?uid=swg21568229\n\nIBM ISS X-Force:\nhttp://xforce.iss.net/xforce/xfdb/70069\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n \n A flaw was found in the way the Python SimpleHTTPServer module\n generated directory listings. An attacker able to upload a file\n with a specially-crafted name to a server could possibly perform a\n cross-site scripting (XSS) attack against victims visiting a listing\n page generated by SimpleHTTPServer, for a directory containing\n the crafted file (if the victims were using certain web browsers)\n (CVE-2011-4940). \n \n A race condition was found in the way the Python distutils module\n set file permissions during the creation of the .pypirc file. If a\n local user had access to the home directory of another user who is\n running distutils, they could use this flaw to gain access to that\n user\u0026#039;s .pypirc file, which can contain usernames and passwords for\n code repositories (CVE-2011-4944). \n \n A flaw was found in the way the Python SimpleXMLRPCServer module\n handled clients disconnecting prematurely. A remote attacker could\n use this flaw to cause excessive CPU consumption on a server using\n SimpleXMLRPCServer (CVE-2012-0845). \n \n Hash table collisions CPU usage DoS for the embedded copy of expat\n (CVE-2012-0876). \n \n A denial of service flaw was found in the implementation of associative\n arrays (dictionaries) in Python. An attacker able to supply a large\n number of inputs to a Python application (such as HTTP POST request\n parameters sent to a web application) that are used as keys when\n inserting data into an array could trigger multiple hash function\n collisions, making array operations take an excessive amount of\n CPU time. To mitigate this issue, randomization has been added to\n the hash function to reduce the chance of an attacker successfully\n causing intentional collisions (CVE-2012-1150). \n \n The updated packages have been patched to correct these issues. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges. \n\nCVE-2011-3544\n\tThe Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3548\n\tThe java.awt.AWTKeyStroke class contains a flaw which allows\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3552\n\tMalicous Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3554\n\tJAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files. \n\nCVE-2011-3556\n\tThe RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitary code. \n\nCVE-2011-3557\n\tThe RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.10-0+squeeze1. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 6b23~pre11-1. \n\nDetails: \n\n\\x95Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs\n\nPath Traversal vulnerability in VPLEX GUI \\x96 CVE-2014-0632\nCVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) \n\nVPLEX GUI Session Timeout validity vulnerability \\x96 CVE-2014-0633 \nCVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C)\n\nMissing HttpOnly attribute vulnerability \\x96 CVE-2014-0634\nCVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)\n\nSession Fixation vulnerability \\x96 CVE-2014-0635\nCVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)\n\nBEAST Attack \\x96 CVE-2011-3389\nCVSS v2 Base Score: See NVD advisory for the CVSS score. \n\n\\x95Multiple Embedded Component Vulnerabilities\n\nMultiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed:\n\tKernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136\n\tperl: CVE-2002-2443\n\tkrb5: CVE-2013-1667\n\tbind packages: CVE-2012-5166\nCVSS v2 Base Score: See NVD advisory for the individual CVSS scores. \n\nRemote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814\nCVSS v2 Base Score: See NVD advisory for the CVSS score. \n\nMultiple vulnerabilities in Oracle Java and Apache Tomcat: This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache tomcat has been upgraded to 6.0.36. Please refer the following links for more information:\n\tJava: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html \n\tTomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36 \nCVSS v2 Base Score: See vendor advisory for the individual CVSS scores. \n\nResolution:\n \nEMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity. \n\nLink to remedies:\n\nCustomers can download the software from Support Zone. \n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: January 08, 2013\n Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n #255221, #255234, #255687, #257577, #260062, #261386,\n #262704, #267234, #273918, #277752, #280226, #280234,\n #280393, #282549, #284439, #286721, #290892, #292034,\n #297532, #305689, #307045, #311021, #312361, #312645,\n #312651, #312675, #312679, #312763, #313003, #324735,\n #326341, #329279, #336396, #341821, #342847, #348316,\n #357057, #360055, #360315, #365323, #373595, #379549,\n #381245, #388045, #390771, #395431, #401701, #403183,\n #404437, #408161, #413657, #419917, #427224, #433383,\n #437780, #439586, #439960, #444318\n ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 10.0.11 \u003e= 10.0.11\n 2 www-client/firefox-bin \u003c 10.0.11 \u003e= 10.0.11\n 3 mail-client/thunderbird \u003c 10.0.11 \u003e= 10.0.11\n 4 mail-client/thunderbird-bin\n \u003c 10.0.11 \u003e= 10.0.11\n 5 www-client/seamonkey \u003c 2.14-r1 \u003e= 2.14-r1\n 6 www-client/seamonkey-bin\n \u003c 2.14 \u003e= 2.14\n 7 dev-libs/nss \u003c 3.14 \u003e= 3.14\n 8 www-client/mozilla-firefox\n \u003c= 3.6.8 Vulnerable!\n 9 www-client/mozilla-firefox-bin\n \u003c= 3.5.6 Vulnerable!\n 10 mail-client/mozilla-thunderbird\n \u003c= 3.0.4-r1 Vulnerable!\n 11 mail-client/mozilla-thunderbird-bin\n \u003c= 3.0 Vulnerable!\n 12 www-client/icecat \u003c= 10.0-r1 Vulnerable!\n 13 net-libs/xulrunner \u003c= 2.0-r1 Vulnerable!\n 14 net-libs/xulrunner-bin \u003c= 1.8.1.19 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[ 2 ] CVE-2007-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[ 3 ] CVE-2007-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[ 4 ] CVE-2007-2671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[ 5 ] CVE-2007-3073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[ 6 ] CVE-2008-0016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[ 7 ] CVE-2008-0017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[ 8 ] CVE-2008-0367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[ 9 ] CVE-2008-3835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[ 10 ] CVE-2008-3836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[ 11 ] CVE-2008-3837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[ 12 ] CVE-2008-4058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[ 13 ] CVE-2008-4059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[ 14 ] CVE-2008-4060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[ 15 ] CVE-2008-4061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[ 16 ] CVE-2008-4062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[ 17 ] CVE-2008-4063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[ 18 ] CVE-2008-4064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[ 19 ] CVE-2008-4065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[ 20 ] CVE-2008-4066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[ 21 ] CVE-2008-4067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[ 22 ] CVE-2008-4068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[ 23 ] CVE-2008-4069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[ 24 ] CVE-2008-4070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[ 25 ] CVE-2008-4582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[ 26 ] CVE-2008-5012\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[ 27 ] CVE-2008-5013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[ 28 ] CVE-2008-5014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[ 29 ] CVE-2008-5015\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[ 30 ] CVE-2008-5016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[ 31 ] CVE-2008-5017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[ 32 ] CVE-2008-5018\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[ 33 ] CVE-2008-5019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[ 34 ] CVE-2008-5021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[ 35 ] CVE-2008-5022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[ 36 ] CVE-2008-5023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[ 37 ] CVE-2008-5024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[ 38 ] CVE-2008-5052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[ 39 ] CVE-2008-5500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[ 40 ] CVE-2008-5501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[ 41 ] CVE-2008-5502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[ 42 ] CVE-2008-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[ 43 ] CVE-2008-5504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[ 44 ] CVE-2008-5505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[ 45 ] CVE-2008-5506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[ 46 ] CVE-2008-5507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[ 47 ] CVE-2008-5508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[ 48 ] CVE-2008-5510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[ 49 ] CVE-2008-5511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[ 50 ] CVE-2008-5512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[ 51 ] CVE-2008-5513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[ 52 ] CVE-2008-5822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[ 53 ] CVE-2008-5913\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[ 54 ] CVE-2008-6961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[ 55 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 56 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 57 ] CVE-2009-0352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[ 58 ] CVE-2009-0353\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[ 59 ] CVE-2009-0354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[ 60 ] CVE-2009-0355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[ 61 ] CVE-2009-0356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[ 62 ] CVE-2009-0357\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[ 63 ] CVE-2009-0358\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[ 64 ] CVE-2009-0652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[ 65 ] CVE-2009-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[ 66 ] CVE-2009-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[ 67 ] CVE-2009-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[ 68 ] CVE-2009-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[ 69 ] CVE-2009-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[ 70 ] CVE-2009-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[ 71 ] CVE-2009-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[ 72 ] CVE-2009-1044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[ 73 ] CVE-2009-1169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[ 74 ] CVE-2009-1302\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[ 75 ] CVE-2009-1303\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[ 76 ] CVE-2009-1304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[ 77 ] CVE-2009-1305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[ 78 ] CVE-2009-1306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[ 79 ] CVE-2009-1307\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[ 80 ] CVE-2009-1308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[ 81 ] CVE-2009-1309\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[ 82 ] CVE-2009-1310\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[ 83 ] CVE-2009-1311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[ 84 ] CVE-2009-1312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[ 85 ] CVE-2009-1313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[ 86 ] CVE-2009-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[ 87 ] CVE-2009-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[ 88 ] CVE-2009-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[ 89 ] CVE-2009-1828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[ 90 ] CVE-2009-1832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[ 91 ] CVE-2009-1833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[ 92 ] CVE-2009-1834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[ 93 ] CVE-2009-1835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[ 94 ] CVE-2009-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[ 95 ] CVE-2009-1837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[ 96 ] CVE-2009-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[ 97 ] CVE-2009-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[ 98 ] CVE-2009-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[ 99 ] CVE-2009-1841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit. \n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. (CVE-2011-3389,\nCVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,\nCVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 29 and resolve these issues. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \nTo implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier. \n\nFor more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2013-039: RSA BSAFE\\xae SSL-J Multiple Vulnerabilities\n\n\nEMC Identifier: ESA-2013-039\n\n\nCVE Identifier: CVE-2011-3389, CVE-2013-0169\n\n\nSeverity Rating: CVSS v2 Base Score: Refer NVD (http://nvd.nist.gov/) for individual scores for each CVE\n\n \n\nAffected Products:\n\nAll versions of RSA BSAFE SSL-J except for 6.0.1 and 5.1.2\n\n \n\nUnaffected Products:\n\nRSA BSAFE SSL-J 6.0.1 and 5.1.2 (newly released)\n\n \n\nSummary: \n\nRSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks (CVE-2011-3389) and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks (CVE-2013-0169). \n\n \n\nDetails: \n\nBEAST\n\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important. \n\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time. \n\n\nLucky Thirteen\n\nResearchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS. The \\x93Lucky Thirteen\\x94 attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue. \n\n \n\nDetails of this attack can be found at: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf\n \n\n\nRecommendation:\n\n \n\nRSA recommends that customers on RSA BSAFE SSL-J 5.1.x or lower upgrade to RSA BSAFE SSL-J 5.1.2. RSA recommends that customers on RSA BSAFE SSL-J 6.0 upgrade to RSA BSAFE SSL-J 6.0.1. \n\nTo address BEAST, RSA introduce a new feature called first block splitting to RSA BSAFE SSL-J 6.0.1 and 5.1.2. First block splitting is designed to prevent the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows: \n\n\\x951. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest. \n\\x952. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block. \n\\x953. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own. \nFor RSA BSAFE SSL-J 6.0.1 and 5.1.2, first block splitting is engineered to be enabled by default for vulnerable cipher suites, making the application secure by default. If required, the application can disable first block splitting by setting the system property jsse.enableCBCProtection:\n\n \n\n\\x95 Using the following Java code:\n\n System.setProperty(\"jsse.enableCBCProtection\", \"false\");\n\n \n\n OR\n\n \n\n\\x95 On the Java command line, passing the following argument:\n\n -Djsse.enableCBCProtection=\\x94false\\x94\n\n \n\nFor more information about setting security properties, see section System and Security Properties in the RSA BSAFE SSL-J Developer Guide. \n\nThe best way to help prevent the BEAST attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues. \n\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security. \n\nTo address Lucky Thirteen, RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain a patch that is designed to help ensure that MAC checking is time invariant in servers. \n\nCustomers can also protect against the Lucky Thirteen attack by disabling CBC mode cipher suites on clients and servers. Cipher suites that use RC4 and, if TLS 1.2 is available, AES-GCM can be used. \n\n\n\nObtaining Downloads:\n\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.rsa.com/node.aspx?id=1356 ) for most expedient service. You may also request your software upgrade online at http://www.rsa.com/go/form_ins.asp . \n\n\n\nObtaining Documentation:\n\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. \n\n\n\nSeverity Rating:\n\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \\x93Security Advisories Severity Rating\\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\n\n\nObtaining More Information:\n\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com. \n\n\n\nGetting Support and Service:\n\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help \u0026 Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. \n\n\n\nGeneral Customer Support Information:\n\nhttp://www.rsa.com/node.aspx?id=1264\n\n\n\nRSA SecurCare Online:\n\nhttps://knowledge.rsasecurity.com\n\n\n\nEOPS Policy:\n\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \nhttp://www.rsa.com/node.aspx?id=2575 \n\n\n\nSecurCare Online Security Advisories\n\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. \n\n\n\nAbout RSA SecurCare Notes \u0026 Security Advisories Subscription\n\nRSA SecurCare Notes \u0026 Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\\x92d like to stop receiving RSA SecurCare Notes \u0026 Security Advisories, or if you\\x92d like to change which RSA product family Notes \u0026 Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes \u0026 Security Advisories you no longer want to receive. Click the Submit button to save your selection. \n\n\n\nSincerely,\n\nRSA Customer Support\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (Cygwin)\n\niEYEARECAAYFAlHBwyMACgkQtjd2rKp+ALwI0gCbBNOxiDjCZzTl293lMa53Yy2r\npcsAn2UpV1x8Zg4031kyOrW5LfV2vner\n=W+qW\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3389" }, { "db": "CERT/CC", "id": "VU#864643" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "BID", "id": "49778" }, { "db": "VULMON", "id": "CVE-2011-3389" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106901" }, { "db": "PACKETSTORM", "id": "114005" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "125919" }, { "db": "PACKETSTORM", "id": "119293" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "116406" }, { "db": "PACKETSTORM", "id": "122091" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3389", "trust": 3.0 }, { "db": "CERT/CC", "id": "VU#864643", "trust": 2.9 }, { "db": "ICS CERT", "id": "ICSMA-18-058-02", "trust": 1.8 }, { "db": "USCERT", "id": "TA12-010A", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-556833", "trust": 1.3 }, { "db": "BID", "id": "49778", "trust": 1.3 }, { "db": "ICS CERT", "id": "ICSA-19-192-04", "trust": 1.1 }, { "db": "SECTRACK", "id": "1029190", "trust": 1.0 }, { "db": "SECTRACK", "id": "1026103", "trust": 1.0 }, { "db": "SECTRACK", "id": "1025997", "trust": 1.0 }, { "db": "SECTRACK", "id": "1026704", "trust": 1.0 }, { "db": "SECUNIA", "id": "55351", "trust": 1.0 }, { "db": "SECUNIA", "id": "48692", "trust": 1.0 }, { "db": "SECUNIA", "id": "48256", "trust": 1.0 }, { "db": "SECUNIA", "id": "45791", "trust": 1.0 }, { "db": "SECUNIA", "id": "55350", "trust": 1.0 }, { "db": "SECUNIA", "id": "49198", "trust": 1.0 }, { "db": "SECUNIA", "id": "48915", "trust": 1.0 }, { "db": "SECUNIA", "id": "48948", "trust": 1.0 }, { "db": "SECUNIA", "id": "47998", "trust": 1.0 }, { "db": "SECUNIA", "id": "55322", "trust": 1.0 }, { "db": "OSVDB", "id": "74829", "trust": 1.0 }, { "db": "BID", "id": "49388", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU95174988", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95868425", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-098-03", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-002305", "trust": 0.8 }, { "db": "XF", "id": "70069", "trust": 0.4 }, { "db": "HITACHI", "id": "HS14-011", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.3 }, { "db": "HITACHI", "id": "HS13-018", "trust": 0.3 }, { "db": "SECUNIA", "id": "46791", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3389", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106901", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114005", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125919", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "119293", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116406", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "122091", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#864643" }, { "db": "VULMON", "id": "CVE-2011-3389" }, { "db": "BID", "id": "49778" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106901" }, { "db": "PACKETSTORM", "id": "114005" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "125919" }, { "db": "PACKETSTORM", "id": "119293" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "116406" }, { "db": "PACKETSTORM", "id": "122091" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "id": "VAR-201109-0130", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33862434333333336 }, "last_update_date": "2024-09-19T21:24:50.063000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-10-22-3 ", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "title": "APPLE-SA-2012-07-25-2 Xcode 4.4", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html" }, { "title": "APPLE-SA-2012-09-19-2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "title": "APPLE-SA-2012-05-09-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "title": "APPLE-SA-2012-02-01-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "title": "APPLE-SA-2014-02-25-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html" }, { "title": "APPLE-SA-2011-10-12-2", "trust": 0.8, "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html" }, { "title": "APPLE-SA-2011-10-12-1", "trust": 0.8, "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" }, { "title": "HT5281", "trust": 0.8, "url": "http://support.apple.com/kb/HT5281?viewlocale=ja_JP" }, { "title": "HT5416", "trust": 0.8, "url": "http://support.apple.com/kb/HT5416?viewlocale=ja_JP" }, { "title": "HT6011", "trust": 0.8, "url": "http://support.apple.com/kb/HT6011?viewlocale=ja_JP" }, { "title": "HT5130", "trust": 0.8, "url": "http://support.apple.com/kb/HT5130?viewlocale=ja_JP" }, { "title": "HT5501", "trust": 0.8, "url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP" }, { "title": "HT6150", "trust": 0.8, "url": "http://support.apple.com/kb/HT6150?viewlocale=ja_JP" }, { "title": "HT4999", "trust": 0.8, "url": "http://support.apple.com/kb/HT4999?viewlocale=ja_JP" }, { "title": "HT5001", "trust": 0.8, "url": "http://support.apple.com/kb/HT5001?viewlocale=ja_JP" }, { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045?viewlocale=ja_JP" }, { "title": "chrome-stable-release", "trust": 0.8, "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" }, { "title": "Revision 97269", "trust": 0.8, "url": "https://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269" }, { "title": "HS14-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-010/index.html" }, { "title": "HS15-031", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-031/index.html" }, { "title": "HS13-018", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-018/index.html" }, { "title": "HS14-011", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-011/index.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "HPSBMU02900", "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "title": "HPSBMU02742 SSRT100740", "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03164351" }, { "title": "HPSBUX02730 SSRT100710", "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03122753" }, { "title": "Security alerts", "trust": 0.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "title": "2588513", "trust": 0.8, "url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx" }, { "title": "2588513", "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/advisory/2588513" }, { "title": "MS12-006", "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006" }, { "title": "TLS \u6697\u53f7\u5316\u901a\u4fe1\u306b\u5bfe\u3059\u308b\u653b\u6483\u306e Firefox \u3078\u306e\u5f71\u97ff", "trust": 0.8, "url": "http://mozilla.jp/blog/entry/7289/" }, { "title": "attack-against-tls-protected-communications", "trust": 0.8, "url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/" }, { "title": "NV12-005", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv12-005.html" }, { "title": "Bug 719047", "trust": 0.8, "url": "https://bugzilla.novell.com/show_bug.cgi?id=719047" }, { "title": "Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures", "trust": 0.8, "url": "https://www.openssl.org/~bodo/tls-cbc.txt" }, { "title": "SUSE-SU-2012:0114", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "title": "SUSE-SU-2012:0122", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "title": "openSUSE-SU-2012:0030", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2012-01/msg00009.html" }, { "title": "openSUSE-SU-2012:0063", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2012-01/msg00021.html" }, { "title": "windows/1160", "trust": 0.8, "url": "http://www.opera.com/docs/changelogs/windows/1160/" }, { "title": "unix/1160", "trust": 0.8, "url": "http://www.opera.com/docs/changelogs/unix/1160/" }, { "title": "mac/1160", "trust": 0.8, "url": "http://www.opera.com/docs/changelogs/mac/1160/" }, { "title": "javacpuoct2011-443431", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013verbose-1899842.html" }, { "title": "Bug 737506", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" }, { "title": "RHSA-2012:0006", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2012-0006.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "October 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2013_critical_patch_update" }, { "title": "cve_2011_3389_chosen_plaintext1", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext1" }, { "title": "CVE-2011-3389 Vulnerability in NSS library affects Oracle iPlanet Web Proxy Server", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_vulnerability_in" }, { "title": "Multiple vulnerabilities in Python", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "Multiple vulnerabilities in fetchmail", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "cve_2011_3389_chosen_plaintext", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext" }, { "title": "2588513", "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx" }, { "title": "VMSA-2012-0003.1", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2012-0003.html" }, { "title": "HS14-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-010/index.html" }, { "title": "HS15-031", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-031/index.html" }, { "title": "HS13-018", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-018/index.html" }, { "title": "HS14-011", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-011/index.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" }, { "title": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30c9\u30d0\u30a4\u30b6\u30ea (2588513)", "trust": 0.8, "url": "https://technet.microsoft.com/ja-jp/security/advisory/2588513" }, { "title": "MS12-006", "trust": 0.8, "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-006" }, { "title": "TA12-010A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-010a.html" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4362: DoS because of incorrect code in src/http_auth.c:67", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=210cf4b6236578faf8f94374acf42746" }, { "title": "Debian CVElist Bug Report Logs: nss: CVE-2014-1569 information leak", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ab91355beed7b295ca76667e7725b8ff" }, { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Debian Security Advisories: DSA-2398-2 curl -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=aedc7511d582d3d92a5ba7329ed7d34e" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Debian Security Advisories: DSA-2368-1 lighttpd -- multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=013e897d92ab510d8719f5ffc2cb7e80" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=43a9f1e298f8daf772ebfe7187e61853" }, { "title": "Debian CVElist Bug Report Logs: asterisk: CVE-2015-3008: TLS Certificate Common name NULL byte exploit", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3dcc7cafafedb5ec8b84970acf17457b" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Debian CVElist Bug Report Logs: asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84da1980846b47c2025a829646fab2ad" }, { "title": "Red Hat: Critical: thunderbird security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121089 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Red Hat: Critical: firefox security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121088 - Security Advisory" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "litecoin_demo", "trust": 0.1, "url": "https://github.com/swod00/litecoin_demo " }, { "title": "litecoin", "trust": 0.1, "url": "https://github.com/daniel1302/litecoin " }, { "title": "reg", "trust": 0.1, "url": "https://github.com/genuinetools/reg " }, { "title": "testssl-report", "trust": 0.1, "url": "https://github.com/tzaffi/testssl-report " }, { "title": "", "trust": 0.1, "url": "https://github.com/ricardobranco777/regview " }, { "title": "", "trust": 0.1, "url": "https://github.com/Valdem88/dev-17_ib-yakovlev_vs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3389" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx" }, { "trust": 2.1, "url": "http://www.kb.cert.org/vuls/id/864643" }, { "trust": 1.8, "url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html" }, { "trust": 1.8, "url": "http://vnhacker.blogspot.com/2011/09/beast.html" }, { "trust": 1.8, "url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx" }, { "trust": 1.8, "url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html" }, { "trust": 1.8, "url": "http://www.us-cert.gov/cas/techalerts/ta12-010a.html" }, { "trust": 1.7, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.3, "url": "http://www.opera.com/docs/changelogs/windows/1160/" }, { "trust": 1.3, "url": "http://www.opera.com/support/kb/view/1004/" }, { "trust": 1.3, "url": "http://curl.haxx.se/docs/adv_20120124b.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665814" }, { "trust": 1.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-04" }, { "trust": 1.0, "url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/" }, { "trust": 1.0, "url": "http://downloads.asterisk.org/pub/security/ast-2016-001.html" }, { "trust": 1.0, "url": "http://ekoparty.org/2011/juliano-rizzo.php" }, { "trust": 1.0, "url": "http://eprint.iacr.org/2004/111" }, { "trust": 1.0, "url": "http://eprint.iacr.org/2006/136" }, { "trust": 1.0, "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" }, { "trust": 1.0, "url": "http://isc.sans.edu/diary/ssl+tls+part+3+/11635" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2012/jul/msg00001.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2012/may/msg00001.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.0, "url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue" }, { "trust": 1.0, "url": "http://osvdb.org/74829" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2012-0508.html" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/45791" }, { "trust": 1.0, "url": "http://secunia.com/advisories/47998" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48256" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48915" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48948" }, { "trust": 1.0, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.0, "url": "http://secunia.com/advisories/55322" }, { "trust": 1.0, "url": "http://secunia.com/advisories/55350" }, { "trust": 1.0, "url": "http://secunia.com/advisories/55351" }, { "trust": 1.0, "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml" }, { "trust": 1.0, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht4999" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5001" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5130" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5281" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5501" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht6150" }, { "trust": 1.0, "url": "http://technet.microsoft.com/security/advisory/2588513" }, { "trust": 1.0, "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2398" }, { "trust": 1.0, "url": "http://www.insecure.cl/beast-ssl.rar" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:058" }, { "trust": 1.0, "url": "http://www.opera.com/docs/changelogs/mac/1151/" }, { "trust": 1.0, "url": "http://www.opera.com/docs/changelogs/mac/1160/" }, { "trust": 1.0, "url": "http://www.opera.com/docs/changelogs/unix/1151/" }, { "trust": 1.0, "url": "http://www.opera.com/docs/changelogs/unix/1160/" }, { "trust": 1.0, "url": "http://www.opera.com/docs/changelogs/windows/1151/" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/49388" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/49778" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id/1029190" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1025997" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026103" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026704" }, { "trust": 1.0, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.0, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail" }, { "trust": 1.0, "url": "https://bugzilla.novell.com/show_bug.cgi?id=719047" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "trust": 1.0, "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006" }, { "trust": 1.0, "url": "https://hermes.opensuse.org/messages/13154861" }, { "trust": 1.0, "url": "https://hermes.opensuse.org/messages/13155432" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14752" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.8, "url": "http://www.openssl.org/~bodo/tls-cbc.txt" }, { "trust": 0.8, "url": "http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php" }, { "trust": 0.8, "url": "https://blog.torproject.org/blog/tor-and-beast-ssl-attack" }, { "trust": 0.8, "url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=97269" }, { "trust": 0.8, "url": "http://www.ekoparty.org/2011/juliano-rizzo.php" }, { "trust": 0.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-098-03" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-02" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu381963/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95174988/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu864643" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta12-010a/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95868425/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu700214" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu692779" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.4, "url": "http://xforce.iss.net/xforce/xfdb/70069" }, { "trust": 0.4, "url": "http://www.ibm.com/support/docview.wss?uid=swg21568229" }, { "trust": 0.3, "url": "http://www.collax.com/download/file/target/frame/file/2926" }, { "trust": 0.3, "url": "http://www.collax.com/produkte/allinone-server-for-small-businesses" }, { "trust": 0.3, "url": "http://www.collax.com/download/file/target/frame/file/2930" }, { "trust": 0.3, "url": "http://www.collax.com/produkte/email-calendar-contacts-in-a-safe-business-server" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578730" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3389_chosen_plaintext2" }, { "trust": 0.3, "url": "seclists.org/bugtraq/2014/apr/att-70/esa-2012-032.txt" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2012/sep/att-39/esa-2012-032.txt" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt" }, { "trust": 0.3, "url": "http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/" }, { "trust": 0.3, "url": "http://www.kerio.com/connect/history" }, { "trust": 0.3, "url": "http://www.matrixssl.org/" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7009901\u0026sliceid=1" }, { "trust": 0.3, "url": "http://www.opera.com/support/kb/view/1000/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm60958" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_system_x_and_flex_systems_browser_exploit_against_ssl_tls_beast_mitigations_cve_2011_33891?lang=en_us" }, { "trust": 0.3, "url": "http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00" }, { "trust": 0.3, "url": "http://www.ietf.org/rfc/rfc2246.txt" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21571596" }, { "trust": 0.3, "url": "/archive/1/524142" }, { "trust": 0.3, "url": "http://support.apple.com/kb/ht5416" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154899" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2013/jun/att-65/esa-2013-039.txt" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093636" }, { "trust": 0.3, "url": "http://technet.microsoft.com/en-us/security/advisory/2588513" }, { "trust": 0.3, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-006" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-018/index.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093630" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022152" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1019998" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-011/index.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604." }, { "trust": 0.2, "url": "https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3." }, { "trust": 0.2, "url": "https://knowledge.rsasecurity.com" }, { "trust": 0.2, "url": "http://www.rsa.com/node.aspx?id=1264" }, { "trust": 0.2, "url": "http://www.rsa.com/node.aspx?id=2575" }, { "trust": 0.2, "url": "https://knowledge.rsasecurity.com," }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46791/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46791/" }, { "trust": 0.1, "url": "http://secunia.com/resources/events/sc_2011/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46791" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4944" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1150" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4940" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0845" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4940" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1150" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0634" }, { "trust": 0.1, "url": "https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.36" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1667" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2136" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2002-2443" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1044" }, { "trust": 0.1, "url": "http://web.nvd.nist.gov/)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0635" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508" }, { "trust": 0.1, "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210" }, { "trust": 0.1, "url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312" }, { "trust": 0.1, "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201301-01.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://www.emc.com/contact-us/contact/product-security-response-center.html" }, { "trust": 0.1, "url": "http://www.rsa.com/node.aspx?id=1204." }, { "trust": 0.1, "url": "http://www.rsa.com/node.aspx?id=1356" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "http://www.rsa.com." }, { "trust": 0.1, "url": "http://www.rsa.com/go/form_ins.asp" }, { "trust": 0.1, "url": "http://www.isg.rhul.ac.uk/tls/tlstiming.pdf" }, { "trust": 0.1, "url": "http://nvd.nist.gov/)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#864643" }, { "db": "BID", "id": "49778" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106901" }, { "db": "PACKETSTORM", "id": "114005" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "125919" }, { "db": "PACKETSTORM", "id": "119293" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "116406" }, { "db": "PACKETSTORM", "id": "122091" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#864643" }, { "db": "VULMON", "id": "CVE-2011-3389" }, { "db": "BID", "id": "49778" }, { "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106901" }, { "db": "PACKETSTORM", "id": "114005" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "125919" }, { "db": "PACKETSTORM", "id": "119293" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "116406" }, { "db": "PACKETSTORM", "id": "122091" }, { "db": "NVD", "id": "CVE-2011-3389" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-27T00:00:00", "db": "CERT/CC", "id": "VU#864643" }, { "date": "2011-09-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3389" }, { "date": "2011-09-19T00:00:00", "db": "BID", "id": "49778" }, { "date": "2011-10-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2011-11-12T02:51:49", "db": "PACKETSTORM", "id": "106901" }, { "date": "2012-06-21T05:28:48", "db": "PACKETSTORM", "id": "114005" }, { "date": "2011-12-01T21:42:10", "db": "PACKETSTORM", "id": "107455" }, { "date": "2014-03-27T22:22:22", "db": "PACKETSTORM", "id": "125919" }, { "date": "2013-01-08T03:21:24", "db": "PACKETSTORM", "id": "119293" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-09-11T16:00:16", "db": "PACKETSTORM", "id": "116406" }, { "date": "2013-06-19T18:23:33", "db": "PACKETSTORM", "id": "122091" }, { "date": "2011-09-06T19:55:03.197000", "db": "NVD", "id": "CVE-2011-3389" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-08T00:00:00", "db": "CERT/CC", "id": "VU#864643" }, { "date": "2022-11-29T00:00:00", "db": "VULMON", "id": "CVE-2011-3389" }, { "date": "2019-07-16T13:00:00", "db": "BID", "id": "49778" }, { "date": "2019-07-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002305" }, { "date": "2022-11-29T15:56:08.637000", "db": "NVD", "id": "CVE-2011-3389" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "49778" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes", "sources": [ { "db": "CERT/CC", "id": "VU#864643" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "49778" } ], "trust": 0.3 } }
var-201110-0379
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, JavaFX 2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0379", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "javafx", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "2.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50250" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "CNNVD", "id": "CNNVD-201110-472" }, { "db": "NVD", "id": "CVE-2011-3561" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:javafx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002594" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50250" }, { "db": "CNNVD", "id": "CNNVD-201110-472" } ], "trust": 0.9 }, "cve": "CVE-2011-3561", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 1.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.2, "id": "CVE-2011-3561", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3561", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2011-3561", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-201110-472", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2011-3561", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "CNNVD", "id": "CNNVD-201110-472" }, { "db": "NVD", "id": "CVE-2011-3561" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Deployment\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, JavaFX 2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3561" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "BID", "id": "50250" }, { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3561", "trust": 3.4 }, { "db": "BID", "id": "50250", "trust": 2.0 }, { "db": "OSVDB", "id": "76513", "trust": 1.7 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.7 }, { "db": "SECUNIA", "id": "48308", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2011-002594", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201110-472", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-3561", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "BID", "id": "50250" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-472" }, { "db": "NVD", "id": "CVE-2011-3561" } ] }, "id": "VAR-201110-0379", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T21:37:44.323000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "Oracle \u2018Java Runtime Environment\u2019 Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192724" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "CNNVD", "id": "CNNVD-201110-472" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3561" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.7, "url": "http://osvdb.org/76513" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48308" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/50250" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70833" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14274" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3561" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3561" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0005-cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0034" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-rhel4-unaffected" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "BID", "id": "50250" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-472" }, { "db": "NVD", "id": "CVE-2011-3561" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3561" }, { "db": "BID", "id": "50250" }, { "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-472" }, { "db": "NVD", "id": "CVE-2011-3561" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3561" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50250" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-472" }, { "date": "2011-10-19T21:55:01.737000", "db": "NVD", "id": "CVE-2011-3561" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2011-3561" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50250" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002594" }, { "date": "2022-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-472" }, { "date": "2022-05-13T14:52:52.233000", "db": "NVD", "id": "CVE-2011-3561" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-472" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Vulnerabilities in components", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002594" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-472" } ], "trust": 0.6 } }
var-201110-0383
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. Exploiting this vulnerability could allow an attacker to exhaust all ephemeral ports on the system. This could impact the availability of networking and system resources on the computer. Other attacks are also possible. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32
http://security.gentoo.org/
Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32
Synopsis
Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1.
We recommend that you upgrade your openjdk-6 packages. ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551)
It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)
It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553)
It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)
It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0383", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_33" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "sdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_33" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50248" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "NVD", "id": "CVE-2011-3552" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:sdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002586" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" } ], "trust": 0.4 }, "cve": "CVE-2011-3552", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CVE-2011-3552", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3552", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2011-3552", "trust": 0.8, "value": "Low" }, { "author": "VULMON", "id": "CVE-2011-3552", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "NVD", "id": "CVE-2011-3552" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. \nExploiting this vulnerability could allow an attacker to exhaust all ephemeral ports on the system. This could impact the availability of networking and system resources on the computer. Other attacks are also possible. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: IcedTea JDK: Multiple vulnerabilities\n Date: June 29, 2014\n Bugs: #312297, #330205, #340819, #346799, #352035, #353418,\n #354231, #355127, #370787, #387637, #404095, #421031,\n #429522, #433389, #438750, #442478, #457206, #458410,\n #461714, #466822, #477210, #489570, #508270\n ID: 201406-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the IcedTea JDK, the worst\nof which could lead to arbitrary code execution. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/icedtea-bin \u003c 6.1.13.3 \u003e= 6.1.13.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll IcedTea JDK users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/icedtea-bin-6.1.13.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2010-2548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548\n[ 3 ] CVE-2010-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783\n[ 4 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 5 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 6 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 7 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 8 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 9 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 10 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 11 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 12 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 13 ] CVE-2010-3564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564\n[ 14 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 15 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 16 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 17 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 18 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 19 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 20 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 21 ] CVE-2010-3860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860\n[ 22 ] CVE-2010-4351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351\n[ 23 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 24 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 25 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 26 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 27 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 28 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 29 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 30 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 31 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 32 ] CVE-2011-0025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025\n[ 33 ] CVE-2011-0706\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706\n[ 34 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 35 ] CVE-2011-0822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822\n[ 36 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 37 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 38 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 39 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 40 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 41 ] CVE-2011-0870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870\n[ 42 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 43 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 44 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 45 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 46 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 47 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 48 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 49 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 50 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 51 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 52 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 53 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 54 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 55 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 56 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 57 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 58 ] CVE-2011-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571\n[ 59 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 60 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 61 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 62 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 63 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 64 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 65 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 66 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 67 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 68 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 69 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 70 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 71 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 72 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 73 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 74 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 75 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 76 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 77 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 78 ] CVE-2012-3422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422\n[ 79 ] CVE-2012-3423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423\n[ 80 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 81 ] CVE-2012-4540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540\n[ 82 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 83 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 84 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 85 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 86 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 87 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 88 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 89 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 90 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 91 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 92 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 93 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 94 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 95 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 96 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 97 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 98 ] CVE-2012-5979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979\n[ 99 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 100 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 101 ] CVE-2013-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424\n[ 102 ] CVE-2013-0425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425\n[ 103 ] CVE-2013-0426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426\n[ 104 ] CVE-2013-0427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427\n[ 105 ] CVE-2013-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428\n[ 106 ] CVE-2013-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429\n[ 107 ] CVE-2013-0431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431\n[ 108 ] CVE-2013-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432\n[ 109 ] CVE-2013-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433\n[ 110 ] CVE-2013-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434\n[ 111 ] CVE-2013-0435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435\n[ 112 ] CVE-2013-0440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440\n[ 113 ] CVE-2013-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441\n[ 114 ] CVE-2013-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442\n[ 115 ] CVE-2013-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443\n[ 116 ] CVE-2013-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444\n[ 117 ] CVE-2013-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450\n[ 118 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 119 ] CVE-2013-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475\n[ 120 ] CVE-2013-1476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476\n[ 121 ] CVE-2013-1478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478\n[ 122 ] CVE-2013-1480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480\n[ 123 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 124 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 125 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 126 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 127 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 128 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 129 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 130 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 131 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 132 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 133 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 134 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 135 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 136 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 137 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 138 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 139 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 140 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 141 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 142 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 143 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 144 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 145 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 146 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 147 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 148 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 149 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 150 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 151 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 152 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 153 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 154 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 155 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 156 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 157 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 158 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 159 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 160 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 161 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 162 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 163 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 164 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 165 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 166 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 167 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 168 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 169 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 170 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 171 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 172 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 173 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 174 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 175 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 176 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 177 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 178 ] CVE-2013-4002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002\n[ 179 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 180 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 181 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 182 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 183 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 184 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 185 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 186 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 187 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 188 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 189 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 190 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 191 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 192 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 193 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 194 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 195 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 196 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 197 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 198 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 199 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 200 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 201 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 202 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 203 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 204 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 205 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 206 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 207 ] CVE-2013-6629\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629\n[ 208 ] CVE-2013-6954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954\n[ 209 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 210 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 211 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 212 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 213 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 214 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 215 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 216 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 217 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 218 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 219 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 220 ] CVE-2014-1876\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876\n[ 221 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 222 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 223 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 224 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 225 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 226 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 227 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 228 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-32.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3389\n\tThe TLS implementation does not guard properly against certain\n\tchosen-plaintext attacks when block ciphers are used in CBC\n\tmode. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. \n\nWe recommend that you upgrade your openjdk-6 packages. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in the in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. A\nremote attacker could use this to cause an untrusted application\nor applet to execute arbitrary code by deserializing malicious\ninput. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. This could allow a remote attacker to cause\nan untrusted application or applet to execute arbitrary code with\nthe full privileges of the JVM. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. A remote attacker could cause an untrusted application or applet\nto execute arbitrary code. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. A remote\nattacker could use this cause a denial of service via an application\nor applet crash or possibly execute arbitrary code. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. A remote attacker could potentially\nuse this to gain access to sensitive information. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. (CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. A remote\nattacker could use this to execute code with elevated privileges. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3552" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "BID", "id": "50248" }, { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3552", "trust": 3.2 }, { "db": "BID", "id": "50248", "trust": 1.4 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002586", "trust": 0.8 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3552", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "BID", "id": "50248" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3552" } ] }, "id": "VAR-201110-0383", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T20:51:53.343000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "RHSA-2011:1478", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1478.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" }, { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.5.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20111478 - Security Advisory" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3552" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/50248" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70841" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14465" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3552" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.4, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.4, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=745397" }, { "trust": 0.3, "url": "http://blog.watchfire.com/files/dnsp_port_exhaustion.pdf" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.hp.com/go/java" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0006" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1478.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "BID", "id": "50248" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3552" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3552" }, { "db": "BID", "id": "50248" }, { "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107455" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3552" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3552" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50248" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "date": "2011-11-24T19:22:00", "db": "PACKETSTORM", "id": "107305" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2011-12-01T21:42:10", "db": "PACKETSTORM", "id": "107455" }, { "date": "2011-12-05T14:44:00", "db": "PACKETSTORM", "id": "107532" }, { "date": "2011-11-17T02:34:27", "db": "PACKETSTORM", "id": "107051" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-01-09T22:38:38", "db": "PACKETSTORM", "id": "108498" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2011-10-19T21:55:01.440000", "db": "NVD", "id": "CVE-2011-3552" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3552" }, { "date": "2017-08-03T11:09:00", "db": "BID", "id": "50248" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002586" }, { "date": "2018-01-06T02:29:20.377000", "db": "NVD", "id": "CVE-2011-3552" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "50248" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002586" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "50248" } ], "trust": 0.3 } }
var-201003-0281
Vulnerability from variot
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384
- Summary
Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
- Relevant releases
vCenter Server 4.1 without Update 1,
vCenter Update Manager 4.1 without Update 1,
ESXi 4.1 without patch ESXi410-201101201-SG,
ESX 4.1 without patch ESX410-201101201-SG.
- Problem Description
a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3
Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.
Customers using other database solutions need not update for
these issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
- Hosted products are VMware Workstation, Player, ACE, Fusion.
b. vCenter Apache Tomcat Management Application Credential Disclosure
The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.
The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.
If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.
VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not affected
VirtualCenter 2.5 Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
- hosted products are VMware Workstation, Player, ACE, Fusion.
c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21
Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
Update Manager 1.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family
d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26
Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, no patch planned
ESX 3.0.3 ESX affected, no patch planned
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family
e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28
Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family
f. vCenter Server third party component OpenSSL updated to version 0.9.8n
The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
hosted * any any not applicable
ESXi any ESXi not applicable
ESX any ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESX third party component OpenSSL updated to version 0.9.8p
The version of the ESX OpenSSL library is updated to 0.9.8p.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Fusion.
h. ESXi third party component cURL updated
The version of cURL library in ESXi is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX any ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
i. ESX third party component pam_krb5 updated
The version of pam_krb5 library is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
- hosted products are VMware Workstation, Player, ACE, Fusion.
j. ESX third party update for Service Console kernel
The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.
Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
-
hosted products are VMware Workstation, Player, ACE, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 4.1 Update 1 and modules
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0
File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19
VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi 4.1 Installable Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919
File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488
VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG.
ESX 4.1 Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353
ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922
VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330
ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.
To install an individual bulletin use esxupdate with the -b option.
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
- Change log
2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01
Synopsis
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0e >= 1.0.0e
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
References
[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02079216 Version: 1
HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-04-13 Last Updated: 2010-04-13
Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve these vulnerabilities. The upgrades are available from the following location.
Host / Account / Password
ftp.usa.hp.com / sb02517 / Secure12
HP-UX Release / Depot Name / SHA-1 digest
B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D
B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD
B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08n or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 13 April 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15
Web Server Suite Version / HP-UX Release / Depot name
Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot
Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot
Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot
Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot
Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot
Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot
Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.
Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
Update:
Packages for 2009.0 are provided due to the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
Updated Packages:
Mandriva Linux 2009.0: 1f42cf30ee84314be4125a070709d239 2009.0/i586/libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm 372bffd962ced1965c33b752def70b8b 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm ace965066796e71bf4ecf4af6bc831c5 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm a6e08ca29b012c695e0763f6fd15fac1 2009.0/i586/openssl-0.9.8h-3.7mdv2009.0.i586.rpm 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: f6748700d01abc7e33053e339575cede 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdv2009.0.x86_64.rpm b53a75b4c732a3371a3bcd0e8ed47481 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm 187bff89c19e2d65ccc5c640a32d0cc7 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm 1d6f6fca3b51e498359cbbbde07a4a0e 2009.0/x86_64/openssl-0.9.8h-3.7mdv2009.0.x86_64.rpm 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFLzKP9mqjQ0CJFipgRAsUVAJkBjISC/NXul8GxUaeiBPsnb6gRNQCgt+ty X3hfPZSWARaTxUmX7P/4FDM= =FrW5 -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Affected versions depend on the C compiler used with OpenSSL:
- If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.
- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m. If upgrading is not immediately possible, the source code patch provided in this advisory should be applied.
Bodo Moeller and Adam Langley (Google) have identified the vulnerability and prepared the fix.
Patch
--- ssl/s3_pkt.c 24 Jan 2010 13:52:38 -0000 1.57.2.9 +++ ssl/s3_pkt.c 24 Mar 2010 00:00:00 -0000 @@ -291,9 +291,9 @@ if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - / Send back error using their - * version number :-) / - s->version=version; + if ((s->version & 0xFF00) == (version & 0xFF00)) + / Send back error using their minor version number :-) / + s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; }
References
This vulnerability is tracked as CVE-2010-0740.
URL for this Security Advisory: https://www.openssl.org/news/secadv_20100324.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8i" }, { "model": "vcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "aix", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "5.3" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.5" }, { "model": "vcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "aix", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "6.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "0.9.8f to 0.9.8m" }, { "model": "ace", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "esx", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "esxi", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "fusion", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "player", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "workstation", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "opensolaris build snv 134", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "active management technology sdk", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "2.6" }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "9.2.3.1" }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "project openssl 0.9.8n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensolaris build snv 131", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 56", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 38", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "opensolaris build snv 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "opensolaris build snv 125", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "circle", "scope": "ne", "trust": 0.3, "vendor": "voodoo", "version": "1.1.40" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensolaris build snv 133", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 129", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "opensolaris build snv 35", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.7" }, { "model": "coat systems blue coat reporter", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "9.2.4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "big-ip protocol security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "opensolaris build snv 130", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "opensolaris build snv 121", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "active management technology sdk", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "opensolaris build snv 98", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.6" }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris build snv 124", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 118", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bigip edge", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "opensolaris build snv 123", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "setup and configuration service", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "5.0" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "9.1.5.1" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "opensolaris build snv 119", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 128", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.1.5" }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "setup and configuration service", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "6.0" }, { "model": "circle xtelnet", "scope": "eq", "trust": 0.3, "vendor": "voodoo", "version": "0.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 71", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 28", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "active management technology sdk", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.0" }, { "model": "opensolaris build snv 132", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "active management technology sdk", "scope": "ne", "trust": 0.3, "vendor": "intel", "version": "6.0" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.3.1" }, { "model": "circle", "scope": "eq", "trust": 0.3, "vendor": "voodoo", "version": "1.1.39" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.5" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "opensolaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 48", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "circle xtelnet", "scope": "ne", "trust": 0.3, "vendor": "voodoo", "version": "0.4.6" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 37", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "active management technology sdk", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "5.0" }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.7.1" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "opensolaris build snv 122", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 74", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 120", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 51", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 136", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip wan optimization module", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20090" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.54" }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 137", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 127", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 135", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "39013" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "CNNVD", "id": "CNNVD-201003-393" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:ibm:aix", "vulnerable": true }, { "cpe22Uri": "cpe:/a:openssl:openssl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:ace", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:esxi", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:fusion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:player", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001227" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bodo Moeller and Adam Langley", "sources": [ { "db": "BID", "id": "39013" } ], "trust": 0.3 }, "cve": "CVE-2010-0740", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2010-0740", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-0740", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2010-0740", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201003-393", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-0740", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "CNNVD", "id": "CNNVD-201003-393" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL versions 0.9.8f through 0.9.8m are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0003\nSynopsis: Third party component updates for VMware vCenter\n Server, vCenter Update Manager, ESXi and ESX\nIssue date: 2011-02-10\nUpdated on: 2011-02-10 (initial release of advisory)\nCVE numbers: --- Apache Tomcat ---\n CVE-2009-2693 CVE-2009-2901 CVE-2009-2902\n CVE-2009-3548 CVE-2010-2227 CVE-2010-1157\n --- Apache Tomcat Manager ---\n CVE-2010-2928\n --- cURL ---\n CVE-2010-0734\n --- COS Kernel ---\n CVE-2010-1084 CVE-2010-2066 CVE-2010-2070\n CVE-2010-2226 CVE-2010-2248 CVE-2010-2521\n CVE-2010-2524 CVE-2010-0008 CVE-2010-0415\n CVE-2010-0437 CVE-2009-4308 CVE-2010-0003\n CVE-2010-0007 CVE-2010-0307 CVE-2010-1086\n CVE-2010-0410 CVE-2010-0730 CVE-2010-1085\n CVE-2010-0291 CVE-2010-0622 CVE-2010-1087\n CVE-2010-1173 CVE-2010-1437 CVE-2010-1088\n CVE-2010-1187 CVE-2010-1436 CVE-2010-1641\n CVE-2010-3081\n --- Microsoft SQL Express ---\n CVE-2008-5416 CVE-2008-0085 CVE-2008-0086\n CVE-2008-0107 CVE-2008-0106\n --- OpenSSL ---\n CVE-2010-0740 CVE-2010-0433\n CVE-2010-3864 CVE-2010-2939\n --- Oracle (Sun) JRE ---\n CVE-2009-3555 CVE-2010-0082 CVE-2010-0084\n CVE-2010-0085 CVE-2010-0087 CVE-2010-0088\n CVE-2010-0089 CVE-2010-0090 CVE-2010-0091\n CVE-2010-0092 CVE-2010-0093 CVE-2010-0094\n CVE-2010-0095 CVE-2010-0837 CVE-2010-0838\n CVE-2010-0839 CVE-2010-0840 CVE-2010-0841\n CVE-2010-0842 CVE-2010-0843 CVE-2010-0844\n CVE-2010-0845 CVE-2010-0846 CVE-2010-0847\n CVE-2010-0848 CVE-2010-0849 CVE-2010-0850\n CVE-2010-0886 CVE-2010-3556 CVE-2010-3566\n CVE-2010-3567 CVE-2010-3550 CVE-2010-3561\n CVE-2010-3573 CVE-2010-3565 CVE-2010-3568\n CVE-2010-3569 CVE-2010-1321 CVE-2010-3548\n CVE-2010-3551 CVE-2010-3562 CVE-2010-3571\n CVE-2010-3554 CVE-2010-3559 CVE-2010-3572\n CVE-2010-3553 CVE-2010-3549 CVE-2010-3557\n CVE-2010-3541 CVE-2010-3574\n --- pam_krb5 ---\n CVE-2008-3825 CVE-2009-1384\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. \n\n\n2. Relevant releases\n\n vCenter Server 4.1 without Update 1,\n\n vCenter Update Manager 4.1 without Update 1,\n\n ESXi 4.1 without patch ESXi410-201101201-SG,\n\n ESX 4.1 without patch ESX410-201101201-SG. \n\n\n3. Problem Description\n\n a. vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express. \n\n Customers using other database solutions need not update for\n these issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n Update Manager 4.1 Windows Update 1\n Update Manager 4.0 Windows affected, patch pending\n Update Manager 1.0 Windows affected, no patch planned\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users. \n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1. \n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update. \n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows not affected\n VirtualCenter 2.5 Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows not applicable **\n VirtualCenter 2.5 Windows not applicable **\n\n Update Manager 4.1 Windows not applicable **\n Update Manager 4.0 Windows not applicable **\n Update Manager 1.0 Windows not applicable **\n\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX not applicable **\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows not applicable **\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n Update Manager 4.1 Windows Update 1\n Update Manager 4.0 Windows affected, patch pending\n Update Manager 1.0 Windows affected, no patch planned\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX not applicable **\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX affected, no patch planned\n ESX 3.0.3 ESX affected, no patch planned\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n and CVE-2009-3548. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows not applicable **\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Apache Tomcat 5.5 family\n\n f. vCenter Server third party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX any ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n ESXi 4.1 ESXi ESXi410-201101201-SG\n ESXi 4.0 ESXi affected, patch pending\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n h. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.1 ESXi ESXi410-201101201-SG\n ESXi 4.0 ESXi affected, patch pending\n ESXi 3.5 ESXi affected, patch pending\n\n ESX any ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n i. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n j. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update. \n\n Note: This update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware vCenter Server 4.1 Update 1 and modules\n ----------------------------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n File type: .iso\n md5sum: 729cf247aa5d33ceec431c86377eee1a\n sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0\n\n File type: .zip\n md5sum: fd1441bef48a153f2807f6823790e2f0\n sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19\n\n VMware vSphere Client\n File type: .exe\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESXi 4.1 Installable Update 1\n -----------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html\n http://kb.vmware.com/kb/1027919\n\n File type: .iso\n MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\n SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\n File type: .zip\n MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\n SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\n File type: .zip\n MD5SUM: 67b924618d196dafaf268a7691bd1a0f\n SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \t\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\n File type: .zip\n MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\n SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \t\n\n VMware Tools CD image for Linux Guest OSes\n File type: .iso\n MD5SUM: dad66fa8ece1dd121c302f45444daa70\n SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n VMware vSphere Client\n File type: .exe\n MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\n SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESXi Installable Update 1 contains the following security bulletins:\n ESXi410-201101201-SG. \n\n ESX 4.1 Update 1\n ----------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html\n http://kb.vmware.com/kb/1029353\n\n ESX 4.1 Update 1 (DVD ISO)\n File type: .iso\n md5sum: b9a275b419a20c7bedf31c0bf64f504e\n sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \t\n\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\n File type: .zip\n md5sum: 2d81a87e994aa2b329036f11d90b4c14\n sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \t\n\n Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\n File type: .zip\n md5sum: 75f8cebfd55d8a81deb57c27def963c2\n sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \t\n\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\n File type: .zip\n md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\n sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \t\n\n VMware Tools CD image for Linux Guest OSes\n File type: .iso\n md5sum: dad66fa8ece1dd121c302f45444daa70\n sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n VMware vSphere Client\n File type: .exe\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESX410-Update01 contains the following security bulletins:\n ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\n Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\n ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330\n\n ESX410-Update01 also contains the following non-security bulletins\n ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\n ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\n ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\n ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\n ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\n ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. \n\n To install an individual bulletin use esxupdate with the -b option. \n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-02-10 VMSA-2011-0003\nInitial security advisory in conjunction with the release of vCenter\nServer 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1\nUpdate 1, and ESX 4.1 Update 1 on 2011-02-10. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9\ndxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX\n=2pVj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: October 09, 2011\n Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n #354139, #382069\n ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0e \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3245\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[ 2 ] CVE-2009-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[ 3 ] CVE-2010-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[ 4 ] CVE-2010-0740\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[ 5 ] CVE-2010-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[ 6 ] CVE-2010-1633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[ 7 ] CVE-2010-2939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[ 8 ] CVE-2010-3864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[ 9 ] CVE-2010-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02079216\nVersion: 1\n\nHPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-04-13\nLast Updated: 2010-04-13\n\nPotential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location. \n\nHost / Account / Password\n\nftp.usa.hp.com / sb02517 / Secure12\n\nHP-UX Release / Depot Name / SHA-1 digest\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot /\n 2FE85DEE859C93F9D02A69666A455E9A7442DC5D\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot /\n 69F9AEE88F89C53FFE6794822F6A843F312384CD\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot /\n 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08n or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 13 April 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. \n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products. \n\n Update:\n\n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 1f42cf30ee84314be4125a070709d239 2009.0/i586/libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm\n 372bffd962ced1965c33b752def70b8b 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm\n ace965066796e71bf4ecf4af6bc831c5 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm\n a6e08ca29b012c695e0763f6fd15fac1 2009.0/i586/openssl-0.9.8h-3.7mdv2009.0.i586.rpm \n 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n f6748700d01abc7e33053e339575cede 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdv2009.0.x86_64.rpm\n b53a75b4c732a3371a3bcd0e8ed47481 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm\n 187bff89c19e2d65ccc5c640a32d0cc7 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm\n 1d6f6fca3b51e498359cbbbde07a4a0e 2009.0/x86_64/openssl-0.9.8h-3.7mdv2009.0.x86_64.rpm \n 1e1164ec8615415e325166d13c4248cc 2009.0/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLzKP9mqjQ0CJFipgRAsUVAJkBjISC/NXul8GxUaeiBPsnb6gRNQCgt+ty\nX3hfPZSWARaTxUmX7P/4FDM=\n=FrW5\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nAffected versions depend on the C compiler used with OpenSSL:\n\n- If \u0027short\u0027 is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m. \n- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m. If upgrading is not immediately possible, the\nsource code patch provided in this advisory should be applied. \n\nBodo Moeller and Adam Langley (Google) have identified the vulnerability\nand prepared the fix. \n\n\nPatch\n-----\n\n--- ssl/s3_pkt.c\t24 Jan 2010 13:52:38 -0000\t1.57.2.9\n+++ ssl/s3_pkt.c\t24 Mar 2010 00:00:00 -0000\n@@ -291,9 +291,9 @@\n \t\t\tif (version != s-\u003eversion)\n \t\t\t\t{\n \t\t\t\tSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);\n-\t\t\t\t/* Send back error using their\n-\t\t\t\t * version number :-) */\n-\t\t\t\ts-\u003eversion=version;\n+ if ((s-\u003eversion \u0026 0xFF00) == (version \u0026 0xFF00))\n+ \t/* Send back error using their minor version number :-) */\n+\t\t\t\t\ts-\u003eversion = (unsigned short)version;\n \t\t\t\tal=SSL_AD_PROTOCOL_VERSION;\n \t\t\t\tgoto f_err;\n \t\t\t\t}\n\n\nReferences\n----------\n\nThis vulnerability is tracked as CVE-2010-0740. \n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20100324.txt\n", "sources": [ { "db": "NVD", "id": "CVE-2010-0740" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "BID", "id": "39013" }, { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "90263" }, { "db": "PACKETSTORM", "id": "88698" }, { "db": "PACKETSTORM", "id": "169649" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=12334", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-0740" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-0740", "trust": 3.4 }, { "db": "VUPEN", "id": "ADV-2010-0710", "trust": 2.5 }, { "db": "SECTRACK", "id": "1023748", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2010-1216", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-0933", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-0839", "trust": 1.7 }, { "db": "SECUNIA", "id": "42733", "trust": 1.7 }, { "db": "SECUNIA", "id": "39932", "trust": 1.7 }, { "db": "SECUNIA", "id": "42724", "trust": 1.7 }, { "db": "SECUNIA", "id": "43311", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2010-001227", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201003-393", "trust": 0.6 }, { "db": "BID", "id": "39013", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "12334", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-0740", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98419", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "88698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169649", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "BID", "id": "39013" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "90263" }, { "db": "PACKETSTORM", "id": "88698" }, { "db": "PACKETSTORM", "id": "169649" }, { "db": "CNNVD", "id": "CNNVD-201003-393" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "id": "VAR-201003-0281", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44448256 }, "last_update_date": "2024-09-19T19:42:33.017000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT4723", "trust": 0.8, "url": "http://support.apple.com/kb/HT4723" }, { "title": "HPSBUX02517", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02079216" }, { "title": "HPSBUX02531", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02160663" }, { "title": "5092", "trust": 0.8, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5092" }, { "title": "5101", "trust": 0.8, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5101" }, { "title": "secadv_20100324", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20100324.txt" }, { "title": "VMSA-2011-0003", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "title": "openssl-0.9.8n", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=155" }, { "title": "Debian CVElist Bug Report Logs: CVE-2010-0740: openssl denial-of-service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f6760a316bfc017e8e4b03c469542809" }, { "title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35" }, { "title": "VMware Security Advisories: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93" }, { "title": "deepdig", "trust": 0.1, "url": "https://github.com/cyberdeception/deepdig " } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "CNNVD", "id": "CNNVD-201003-393" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2010/0710" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1023748" }, { "trust": 2.0, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc" }, { "trust": 2.0, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50" }, { "trust": 1.8, "url": "http://www.openssl.org/news/secadv_20100324.txt" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/0839" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/038587.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/1216" }, { "trust": 1.7, "url": "http://secunia.com/advisories/39932" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42733" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42724" }, { "trust": 1.7, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html" }, { "trust": 1.7, "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "trust": 1.7, "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html" }, { "trust": 1.7, "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/43311" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4723" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11731" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu976710" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0740" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740" }, { "trust": 0.3, "url": "http://blogs.sun.com/security/entry/cve_2010_0433_openssl_with" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata45.html" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata46.html" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata47.html" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00024\u0026languageid=en-fr" }, { "trust": 0.3, "url": "/archive/1/510726" }, { "trust": 0.3, "url": "http://voodoo-circle.sourceforge.net/sa/sa-20100624-02.html" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11504.html" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html" }, { "trust": 0.3, "url": "http://openssl.org/news/secadv_20100324.txt" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20139" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/12334/" }, { "trust": 0.1, "url": "https://github.com/cyberdeception/deepdig" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1027919" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1031330" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0003" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1027904" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886" }, { "trust": 0.1, "url": "http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3825" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5416" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1384" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4308" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0007" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1029353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0106" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "BID", "id": "39013" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "90263" }, { "db": "PACKETSTORM", "id": "88698" }, { "db": "PACKETSTORM", "id": "169649" }, { "db": "CNNVD", "id": "CNNVD-201003-393" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-0740" }, { "db": "BID", "id": "39013" }, { "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "88387" }, { "db": "PACKETSTORM", "id": "90263" }, { "db": "PACKETSTORM", "id": "88698" }, { "db": "PACKETSTORM", "id": "169649" }, { "db": "CNNVD", "id": "CNNVD-201003-393" }, { "db": "NVD", "id": "CVE-2010-0740" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-03-26T00:00:00", "db": "VULMON", "id": "CVE-2010-0740" }, { "date": "2010-03-24T00:00:00", "db": "BID", "id": "39013" }, { "date": "2010-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "date": "2011-02-11T13:13:00", "db": "PACKETSTORM", "id": "98419" }, { "date": "2011-10-09T16:42:00", "db": "PACKETSTORM", "id": "105638" }, { "date": "2010-04-15T22:26:05", "db": "PACKETSTORM", "id": "88387" }, { "date": "2010-06-04T04:25:14", "db": "PACKETSTORM", "id": "90263" }, { "date": "2010-04-20T15:07:58", "db": "PACKETSTORM", "id": "88698" }, { "date": "2010-03-24T12:12:12", "db": "PACKETSTORM", "id": "169649" }, { "date": "2010-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201003-393" }, { "date": "2010-03-26T18:30:00.467000", "db": "NVD", "id": "CVE-2010-0740" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-10T00:00:00", "db": "VULMON", "id": "CVE-2010-0740" }, { "date": "2015-04-13T22:05:00", "db": "BID", "id": "39013" }, { "date": "2011-06-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-001227" }, { "date": "2023-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201003-393" }, { "date": "2023-11-07T02:05:08.907000", "db": "NVD", "id": "CVE-2010-0740" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "88698" }, { "db": "CNNVD", "id": "CNNVD-201003-393" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of ssl3_get_record Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-001227" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201003-393" } ], "trust": 0.6 } }
var-200906-0603
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions of Apache Tomcat are vulnerable: 6.0.0-6.0.18 5.5.0-5.5.27 4.1.0-4.1.39.
References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858, CVE-2012-0022, CVE-2012-5885. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02515878 Version: 1
HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized
Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-11-23 Last Updated: 2010-11-23
Potential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS).
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These
vulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial
of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.
References: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-1157 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01
Web Server Suite Version / Apache Depot name
HP-UX Web Server Suite v.3.13 HPUXWS22ATW-B313-32.depot
HPUXWS22ATW-B313-64.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.13 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.30.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 23 November 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2010 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ 1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0 =jKnI -----END PGP SIGNATURE----- .
For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.
The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6 is already fixed.
The unstable distribution (sid) no longer contains tomcat5.5. tomcat6 is already fixed. =========================================================== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: libtomcat6-java 6.0.18-0ubuntu3.2 tomcat6-examples 6.0.18-0ubuntu3.2
Ubuntu 9.04: libtomcat6-java 6.0.18-0ubuntu6.1 tomcat6-examples 6.0.18-0ubuntu6.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)
Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. (CVE-2009-0033)
D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)
Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)
Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz
Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc
Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 18612 95544319007f1f90321469c5d314c72e
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz
Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc
Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24
Synopsis
Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://tomcat.apache.org/security-5.html
Updated Packages:
Mandriva Enterprise Server 5: eeaa9d6a2b616db100f1e206bb06b2d6 mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm a641e0f379b1c37a1475b8528a6d8ecf mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 743727d3628613d6968850ffd1ae092d mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm c9e66f0251d48d08f1df2dbca1973aad mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0fcaf3a02861505fd8afec7c94344b34 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6b013f381aad7eec77f82021fa897bb1 mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 56a14766bd5d56beaf05914442329b8e mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6244961329d56d9854c27fb643180af7 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 389011360b165d51ed7bb760aed77fef mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 644fdfef4854b94a6a645b4a5df19430 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 69601123fe318d20c8e050fb294563a4 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 19cbeea920983a8ba6a9f739c13f1162 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64: c25b7d09498779d75041bc7f613130a0 mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm d7674924e3c8b7c84e5024869c1b69a3 mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 84d805f41359b28390638787cfc06d12 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 8d7ed6ceffa3cc3f03a8a7abd05c470b mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 4f1b9387b5c5e77fcac86104815ae33a mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 23350f016f88897bd966721c156c7c73 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0e187a53ffadf553705425de115e48e6 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 50b42a84acf2b2d989655c2f7dd5ae1f mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 16ca5f053c9221b48aea5e73ce7b6a06 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm cf3d9d6d4cc876aef1fcbbf1b7d53950 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 32f514581f311783fc5a673231558567 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm d21b39762b5a108dacdaf58a91ce5dac mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM 8kHZGORcpqDWK1qWCdiY9A== =XhQl -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200906-0603", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "4.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.39" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.38" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.36" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.5" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.2" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.25" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.24" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.23" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.22" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.21" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "blackberry enterprise server for novell groupwise", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.1" }, { "model": "blackberry enterprise server for novell groupwise", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.7" }, { "model": "blackberry enterprise server for novell groupwise", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.4" }, { "model": "blackberry enterprise server for exchange mr1", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.1" }, { "model": "blackberry enterprise server for exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0" }, { "model": "blackberry enterprise server for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0" }, { "model": "blackberry enterprise server for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.7" }, { "model": "blackberry enterprise server for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.4" }, { "model": "blackberry enterprise server for domino mr1", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server for domino", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.4" }, { "model": "blackberry enterprise server express for exchange mr1", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server express for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server express for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.1" }, { "model": "blackberry enterprise server express for exchange", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.4" }, { "model": "blackberry enterprise server express for domino mr1", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server express for domino", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "5.0.2" }, { "model": "blackberry enterprise server express for domino", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "4.1.4" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "network satellite", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "45.3" }, { "model": "network satellite", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "45.2" }, { "model": "jboss enterprise web server el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "enterprise linux eus 5.3.z server", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "developer suite as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "application server ws4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server es4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "tivoli netcool/webtop fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.19" }, { "model": "tivoli netcool/webtop fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15" }, { "model": "tivoli netcool/webtop fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.14" }, { "model": "tivoli netcool/webtop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational quality manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.21" }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.20" }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.10" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.22" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.21" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.18" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.17" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.12" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.10" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2.1" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.1.2" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.1.1" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.1.2" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.1.1" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.1" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.0.1" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.0" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.2" }, { "model": "coat systems intelligence center", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "virtualcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "opensolaris build snv 118", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli netcool/webtop fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.110" }, { "model": "rational quality manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.13" }, { "model": "coat systems intelligence center", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "3.2.2.1" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.20" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.28" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.40" } ], "sources": [ { "db": "BID", "id": "35263" }, { "db": "CNNVD", "id": "CNNVD-200906-265" }, { "db": "NVD", "id": "CVE-2008-5515" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Iida Minehiko", "sources": [ { "db": "CNNVD", "id": "CNNVD-200906-265" } ], "trust": 0.6 }, "cve": "CVE-2008-5515", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2008-5515", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-5515", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200906-265", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2008-5515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-5515" }, { "db": "CNNVD", "id": "CNNVD-200906-265" }, { "db": "NVD", "id": "CVE-2008-5515" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. \nThe following versions of Apache Tomcat are vulnerable:\n6.0.0-6.0.18\n5.5.0-5.5.27\n4.1.0-4.1.39. \n\nReferences: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157,\nCVE-2010-2227, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-1184,\nCVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-4858,\nCVE-2012-0022, CVE-2012-5885. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02515878\nVersion: 1\n\nHPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized\n\nModification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-11-23\nLast Updated: 2010-11-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These\n\nvulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial\n\nof Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. \n\nReferences: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2010-1157 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6\nCVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerabilities. \nThe updates are available for download from http://software.hp.com\nNote: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01\n\nWeb Server Suite Version / Apache Depot name\n\nHP-UX Web Server Suite v.3.13\n HPUXWS22ATW-B313-32.depot\n\n HPUXWS22ATW-B313-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.13 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.30.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 23 November 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2010 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ\n1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0\n=jKnI\n-----END PGP SIGNATURE-----\n. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2. \n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed. \n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed. ===========================================================\nUbuntu Security Notice USN-788-1 June 15, 2009\ntomcat6 vulnerabilities\nCVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.10:\n libtomcat6-java 6.0.18-0ubuntu3.2\n tomcat6-examples 6.0.18-0ubuntu3.2\n\nUbuntu 9.04:\n libtomcat6-java 6.0.18-0ubuntu6.1\n tomcat6-examples 6.0.18-0ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIida Minehiko discovered that Tomcat did not properly normalise paths. A\nremote attacker could send specially crafted requests to the server and\nbypass security restrictions, gaining access to sensitive content. \n(CVE-2008-5515)\n\nYoshihito Fukuyama discovered that Tomcat did not properly handle errors\nwhen the Java AJP connector and mod_jk load balancing are used. A remote\nattacker could send specially crafted requests containing invalid headers\nto the server and cause a temporary denial of service. (CVE-2009-0033)\n\nD. Matscheko and T. Hackner discovered that Tomcat did not properly handle\nmalformed URL encoding of passwords when FORM authentication is used. A\nremote attacker could exploit this in order to enumerate valid usernames. \n(CVE-2009-0580)\n\nDeniz Cevik discovered that Tomcat did not properly escape certain\nparameters in the example calendar application which could result in\nbrowsers becoming vulnerable to cross-site scripting attacks when\nprocessing the output. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain. \n(CVE-2009-0781)\n\nPhilippe Prados discovered that Tomcat allowed web applications to replace\nthe XML parser used by other web applications. Local users could exploit\nthis to bypass security restrictions and gain access to certain sensitive\nfiles. (CVE-2009-0783)\n\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz\n Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc\n Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 18612 95544319007f1f90321469c5d314c72e\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz\n Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc\n Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: June 24, 2012\n Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n #374619, #382043, #386213, #396401, #399227\n ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat *\u003c 5.5.34 *\u003e= 6.0.35\n *\u003c 6.0.35 \u003e= 7.0.23\n \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n The calendar application in the examples web application contains an\n XSS flaw due to invalid HTML which renders the XSS filtering protection\n ineffective (CVE-2009-0781). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://tomcat.apache.org/security-5.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n eeaa9d6a2b616db100f1e206bb06b2d6 mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n a641e0f379b1c37a1475b8528a6d8ecf mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 743727d3628613d6968850ffd1ae092d mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n c9e66f0251d48d08f1df2dbca1973aad mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0fcaf3a02861505fd8afec7c94344b34 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6b013f381aad7eec77f82021fa897bb1 mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 56a14766bd5d56beaf05914442329b8e mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6244961329d56d9854c27fb643180af7 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 389011360b165d51ed7bb760aed77fef mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 644fdfef4854b94a6a645b4a5df19430 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 69601123fe318d20c8e050fb294563a4 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 19cbeea920983a8ba6a9f739c13f1162 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n c25b7d09498779d75041bc7f613130a0 mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d7674924e3c8b7c84e5024869c1b69a3 mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 84d805f41359b28390638787cfc06d12 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 8d7ed6ceffa3cc3f03a8a7abd05c470b mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 4f1b9387b5c5e77fcac86104815ae33a mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 23350f016f88897bd966721c156c7c73 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0e187a53ffadf553705425de115e48e6 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 50b42a84acf2b2d989655c2f7dd5ae1f mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 16ca5f053c9221b48aea5e73ce7b6a06 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n cf3d9d6d4cc876aef1fcbbf1b7d53950 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 32f514581f311783fc5a673231558567 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d21b39762b5a108dacdaf58a91ce5dac mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM\n8kHZGORcpqDWK1qWCdiY9A==\n=XhQl\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2008-5515" }, { "db": "BID", "id": "35263" }, { "db": "VULMON", "id": "CVE-2008-5515" }, { "db": "PACKETSTORM", "id": "121037" }, { "db": "PACKETSTORM", "id": "96122" }, { "db": "PACKETSTORM", "id": "99870" }, { "db": "PACKETSTORM", "id": "78409" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "89679" }, { "db": "PACKETSTORM", "id": "79715" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-5515", "trust": 2.7 }, { "db": "BID", "id": "35263", "trust": 2.0 }, { "db": "SECUNIA", "id": "44183", "trust": 1.7 }, { "db": "SECUNIA", "id": "35685", "trust": 1.7 }, { "db": "SECUNIA", "id": "35393", "trust": 1.7 }, { "db": "SECUNIA", "id": "37460", "trust": 1.7 }, { "db": "SECUNIA", "id": "39317", "trust": 1.7 }, { "db": "SECUNIA", "id": "42368", "trust": 1.7 }, { "db": "SECUNIA", "id": "35788", "trust": 1.7 }, { "db": "JVN", "id": "JVN63832775", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2010-3056", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-1535", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-1856", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-3316", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-1520", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200906-265", "trust": 0.6 }, { "db": "VUPEN", "id": "2009/1856", "trust": 0.1 }, { "db": "VUPEN", "id": "2009/3316", "trust": 0.1 }, { "db": "VUPEN", "id": "2009/1520", "trust": 0.1 }, { "db": "VUPEN", "id": "2010/3056", "trust": 0.1 }, { "db": "VUPEN", "id": "2009/1535", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2008-5515", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121037", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96122", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "78409", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114139", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "89679", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "79715", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-5515" }, { "db": "BID", "id": "35263" }, { "db": "PACKETSTORM", "id": "121037" }, { "db": "PACKETSTORM", "id": "96122" }, { "db": "PACKETSTORM", "id": "99870" }, { "db": "PACKETSTORM", "id": "78409" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "89679" }, { "db": "PACKETSTORM", "id": "79715" }, { "db": "CNNVD", "id": "CNNVD-200906-265" }, { "db": "NVD", "id": "CVE-2008-5515" } ] }, "id": "VAR-200906-0603", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-09-19T21:15:02.715000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Important: JBoss Enterprise Application Platform 4.3.0.CP05 update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091145 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091164 - Security Advisory" }, { "title": "Ubuntu Security Notice: tomcat6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-788-1" }, { "title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ac49c4dcad19730a5b7d72eba69e3550" }, { "title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b4688be3241a5693241135af6523bb48" }, { "title": "Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ce6312b51b7767e26422e4b3dbf8f5cd" }, { "title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-5515" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-5515" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/35263" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html" }, { "trust": 2.3, "url": "http://www.debian.org/security/2011/dsa-2207" }, { "trust": 2.1, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1520" }, { "trust": 1.7, "url": "http://jvn.jp/en/jp/jvn63832775/index.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35393" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:138" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:136" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35685" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "trust": 1.7, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35788" }, { "trust": 1.7, "url": "http://secunia.com/advisories/37460" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01156.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01246.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01216.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4077" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/39317" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:176" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2010/3056" }, { "trust": 1.7, "url": "http://secunia.com/advisories/42368" }, { "trust": 1.7, "url": "http://secunia.com/advisories/44183" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6445" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19452" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10422" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.3, "url": "http://jakarta.apache.org/tomcat/" }, { "trust": 0.3, "url": "/archive/1/504170" }, { "trust": 0.3, "url": "/archive/1/504202" }, { "trust": 0.3, "url": "/archive/1/507985" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012048" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01908935" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02515878" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025919" }, { "trust": 0.3, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa66" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2009-1164.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2009-1506.html" }, { "trust": 0.3, "url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2009:1145" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/788-1/" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-5.html." }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-24.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/patches" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-5515" }, { "db": "BID", "id": "35263" }, { "db": "PACKETSTORM", "id": "121037" }, { "db": "PACKETSTORM", "id": "96122" }, { "db": "PACKETSTORM", "id": "99870" }, { "db": "PACKETSTORM", "id": "78409" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "89679" }, { "db": "PACKETSTORM", "id": "79715" }, { "db": "CNNVD", "id": "CNNVD-200906-265" }, { "db": "NVD", "id": "CVE-2008-5515" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2008-5515" }, { "db": "BID", "id": "35263" }, { "db": "PACKETSTORM", "id": "121037" }, { "db": "PACKETSTORM", "id": "96122" }, { "db": "PACKETSTORM", "id": "99870" }, { "db": "PACKETSTORM", "id": "78409" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "89679" }, { "db": "PACKETSTORM", "id": "79715" }, { "db": "CNNVD", "id": "CNNVD-200906-265" }, { "db": "NVD", "id": "CVE-2008-5515" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-06-16T00:00:00", "db": "VULMON", "id": "CVE-2008-5515" }, { "date": "2009-06-08T00:00:00", "db": "BID", "id": "35263" }, { "date": "2013-04-01T15:55:00", "db": "PACKETSTORM", "id": "121037" }, { "date": "2010-11-27T18:01:33", "db": "PACKETSTORM", "id": "96122" }, { "date": "2011-03-30T00:19:03", "db": "PACKETSTORM", "id": "99870" }, { "date": "2009-06-15T20:42:09", "db": "PACKETSTORM", "id": "78409" }, { "date": "2012-06-24T23:54:31", "db": "PACKETSTORM", "id": "114139" }, { "date": "2010-05-19T06:15:08", "db": "PACKETSTORM", "id": "89679" }, { "date": "2009-07-28T19:23:06", "db": "PACKETSTORM", "id": "79715" }, { "date": "2009-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200906-265" }, { "date": "2009-06-16T21:00:00.313000", "db": "NVD", "id": "CVE-2008-5515" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-25T00:00:00", "db": "VULMON", "id": "CVE-2008-5515" }, { "date": "2015-04-13T22:12:00", "db": "BID", "id": "35263" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200906-265" }, { "date": "2023-02-13T02:19:34.757000", "db": "NVD", "id": "CVE-2008-5515" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200906-265" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat Path traversal vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200906-265" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200906-265" } ], "trust": 0.6 } }
var-201110-0385
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. The vulnerability can be exploited over multiple protocols. This issue affects the 'Java Runtime Environment' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557).
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0385", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50216" }, { "db": "CNNVD", "id": "CNNVD-201110-488" }, { "db": "NVD", "id": "CVE-2011-3554" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50216" }, { "db": "CNNVD", "id": "CNNVD-201110-488" } ], "trust": 0.9 }, "cve": "CVE-2011-3554", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-3554", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3554", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201110-488", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2011-3554", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3554" }, { "db": "CNNVD", "id": "CNNVD-201110-488" }, { "db": "NVD", "id": "CVE-2011-3554" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Java Runtime Environment\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3521\n\tThe CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3556). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3557). \n \n Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)\n implementation in the IcedTea project Web browser plugin. A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2011:1380-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html\nIssue date: 2011-10-18\nCVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 \n CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. A remote RMI client could use this flaw to execute\narbitrary code on the RMI server running the registry. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. (CVE-2011-3560)\n\nA flaw was found in the way the SSL 3 and TLS 1.0 protocols used block\nciphers in cipher-block chaining (CBC) mode. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property. \nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command. \n\nAn information leak flaw was found in the InputStream.skip implementation. \nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information. \n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system. \n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU\n1E1DMZpv3ExBmKhD4Emi2no=\n=sMXo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3554" }, { "db": "BID", "id": "50216" }, { "db": "VULMON", "id": "CVE-2011-3554" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "105967" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3554", "trust": 2.7 }, { "db": "BID", "id": "50216", "trust": 2.0 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "OSVDB", "id": "76498", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "18003", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-488", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3554", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105967", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3554" }, { "db": "BID", "id": "50216" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-488" }, { "db": "NVD", "id": "CVE-2011-3554" } ] }, "id": "VAR-201110-0385", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T20:22:25.393000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Critical: java-1.5.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20111478 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3554" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3554" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50216" }, { "trust": 1.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.1, "url": "http://osvdb.org/76498" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70839" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14524" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18003" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.4, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2011:1478" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1478.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/news" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1380.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3554" }, { "db": "BID", "id": "50216" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-488" }, { "db": "NVD", "id": "CVE-2011-3554" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3554" }, { "db": "BID", "id": "50216" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "107532" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-488" }, { "db": "NVD", "id": "CVE-2011-3554" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3554" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50216" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-24T19:22:00", "db": "PACKETSTORM", "id": "107305" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2011-12-05T14:44:00", "db": "PACKETSTORM", "id": "107532" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2011-10-19T00:58:21", "db": "PACKETSTORM", "id": "105967" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-488" }, { "date": "2011-10-19T21:55:01.517000", "db": "NVD", "id": "CVE-2011-3554" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3554" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50216" }, { "date": "2012-11-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-488" }, { "date": "2018-01-06T02:29:20.597000", "db": "NVD", "id": "CVE-2011-3554" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-488" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle \u2018 Java Runtime Environment \u0027Component security vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-488" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-488" } ], "trust": 0.6 } }
var-201011-0251
Vulnerability from variot
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a heap-based buffer-overflow vulnerability because the library fails to properly perform bounds-checks on user-supplied input before copying it to an insufficiently sized memory buffer. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. OpenSSL 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a are vulnerable. NOTE: This issue affects servers which are multi-threaded and use OpenSSL's internal caching mechanism. Multi-processed servers or servers with disabled internal caching (like Apache HTTP server and Stunnel) are not affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384
- Summary
Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
- Relevant releases
vCenter Server 4.1 without Update 1,
vCenter Update Manager 4.1 without Update 1,
ESXi 4.1 without patch ESXi410-201101201-SG,
ESX 4.1 without patch ESX410-201101201-SG.
- Problem Description
a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3
Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.
Customers using other database solutions need not update for
these issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
- Hosted products are VMware Workstation, Player, ACE, Fusion.
b. vCenter Apache Tomcat Management Application Credential Disclosure
The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.
The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.
If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.
VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not affected
VirtualCenter 2.5 Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
- hosted products are VMware Workstation, Player, ACE, Fusion.
c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21
Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
Update Manager 1.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family
d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26
Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, no patch planned
ESX 3.0.3 ESX affected, no patch planned
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family
e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28
Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
- hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family
f. vCenter Server third party component OpenSSL updated to version 0.9.8n
The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
hosted * any any not applicable
ESXi any ESXi not applicable
ESX any ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESX third party component OpenSSL updated to version 0.9.8p
The version of the ESX OpenSSL library is updated to 0.9.8p.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Fusion.
h. ESXi third party component cURL updated
The version of cURL library in ESXi is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX any ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
i. ESX third party component pam_krb5 updated
The version of pam_krb5 library is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
- hosted products are VMware Workstation, Player, ACE, Fusion.
j. ESX third party update for Service Console kernel
The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.
Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
-
hosted products are VMware Workstation, Player, ACE, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server 4.1 Update 1 and modules
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0
File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19
VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi 4.1 Installable Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919
File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488
VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG.
ESX 4.1 Update 1
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353
ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922
VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330
ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.
To install an individual bulletin use esxupdate with the -b option.
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
- Change log
2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824483 Version: 1
HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses.
References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01
Synopsis
Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0e >= 1.0.0e
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.
References
[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2125-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 22, 2010 http://www.debian.org/security/faq
Package : openssl Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian Bug : 603709 CVE Id(s) : CVE-2010-3864
A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack.
This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted.
A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems.
For the stable distribution (lenny), the problem has been fixed in openssl version 0.9.8g-15+lenny9.
For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.9.8o-3.
We recommend that you upgrade your openssl packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc Size/MD5 checksum: 1973 1efb69f23999507bf2e74f5b848744af http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz Size/MD5 checksum: 60451 9aba44ed40b0c9c8ec82bd6cd33c44b8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2583248 3b3f0cbec4ec28eb310466237648db8f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 1028998 79fe8cdd601aecd9f956033a04fb8da5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb Size/MD5 checksum: 722114 a388304bf86381229c306e79a5e85bf8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 4369318 c3cf8c7ec27f86563c34f45e986e17c4
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 975850 778916e8b0df8e216121cd5185d7ca43 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb Size/MD5 checksum: 638414 9ea111d66ac5f394d35fb69defa5dd27 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1627632 9f08e1da5cf9279cee4700e89dc6ee6d http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1043320 9ada82a7417c0d714a38c3a7184c2401
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb Size/MD5 checksum: 536038 a9c90bb3ad326fa43c1285c1768df046 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 2087048 bded4e624fcf0791ae0885aa18d99123 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1028894 20784774078f02ef7e9db2ddbd7d5548 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1490666 700c80efddb108b3e2a65373cc10dcc8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 844426 4cad5651a6d37ab19fb80b05a423598d
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1029206 6c6c35731ecacfc0280520097ee183d4 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb Size/MD5 checksum: 540780 3b9ab48015bbd4dfc1ab205b42f1113d http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 2100958 fbf2c222a504e09e30f73cb0740a73a5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 850286 3e656a0805eb31600f8e3e520a2a6e36
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 2268562 8cb4805915dfde8326fde4281c9aaa76 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 969104 805c95116706c82051a5d08efce729e5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1047026 2e06d411c0a8764db3504638d3b59ef9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1528456 de6a4129635ee4565696198ce3423674 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb Size/MD5 checksum: 634504 bab8594389626190b71ee97bfb46fa71
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2108452 d75ba6c13fc77dd3eefddde480a05231 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 5393290 14bf0f44b8c802e47834234be834d80b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2977384 bf4c26767b006694843d036ebdca132a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb Size/MD5 checksum: 591782 bf5007e22e4bd31445458a5379086103 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 1035868 64085f2b106009533bda0309f08548af
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 2666530 42cdae406ce22e3e538f0d744f043a39 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1465582 33c84255a9515a9a528cbf3df9398ef5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb Size/MD5 checksum: 865352 9cbc10e393eb3d30d34ea384c6f1f9f5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1105090 cc7485d310d4770c2b1e93c6d74dcc2b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1280654 fde186a4983ac6cafcd3d5ec7e1d6f98
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1025868 8b7f565c4c0a15b15f20f2e074bb503a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 900162 391ac436c8d7ed7b55a8ea9e90c7d8be http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 2307960 227ac5c7b409d061222b94bc40e8cd18 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1622826 8a4f73d6cd497076490404a2dade26ba http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb Size/MD5 checksum: 585108 d8447df55a530959b6cd9d5d3039c0da
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1012186 4a154b5c4d864f7dcd0bf019dfb41c5d http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1588308 1222eb6b1870602335ef0722b7047b6a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb Size/MD5 checksum: 572370 a2535f616be099e9361a55637c3375d3 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 2295070 7446121759684083870d5ae0d26969c0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 885668 3745e7c578002628f78f02bd5afeb84f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1643808 43814c865d098046bc1dca1920820354 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1047060 5c45e5a5d02f856cb9dc29029d0b5557 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb Size/MD5 checksum: 656166 309fdeebe15bbecbe8c55dbd5ddbdd3a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 997540 f4bf73493f3964b8a23bdd424694f079 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 2251238 35f6f59b07e57eb538da19545a733d5f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb Size/MD5 checksum: 693040 26cab41169c6b8f64ce7936a2ea65a7b http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1051130 f67b4fd152e1175f81022ffd345d6c78 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 2231782 c7796fff8c97bbf0c5ab69440cbd50f9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1602496 a9595ac98fc11015dd4bb2634416197b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1024562 ff293933ef4eb5e952659fe7caf82c8b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2290536 e5c655fbcc524fe7bb56945cc8b2f5d1 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2146488 d0c17736c2b26a97491e34321ffff3f5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb Size/MD5 checksum: 580510 28ab74855c8a34bb002b44fd7ecb8997 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 1043044 d78ffaf44d1177b05fa0cfb02d76128a
These files will probably be moved into the stable distribution on its next update.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt
Updated Packages:
Mandriva Linux 2009.0: b32e4b6e6b901d72fe4aa24bd0f41f9b 2009.0/i586/libopenssl0.9.8-0.9.8h-3.8mdv2009.0.i586.rpm f55512826ad63a1c9c4b60fad54292ac 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdv2009.0.i586.rpm eb005af48a71b807ef387f4c54eedd6f 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.i586.rpm ed01c1d0ea3fdecc8ba3331541d18d9a 2009.0/i586/openssl-0.9.8h-3.8mdv2009.0.i586.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 007dedca099e812b7b461e720ef5e6f1 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdv2009.0.x86_64.rpm 293194a028c940a27d11549ef84ff182 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 6b1c8ced8640b51bf25761c127b3ed20 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 76bbe5d36d9887cbc753b267b6d3a608 2009.0/x86_64/openssl-0.9.8h-3.8mdv2009.0.x86_64.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm
Mandriva Linux 2010.0: b92acd82153b8987f0bcdb0e277c6f0e 2010.0/i586/libopenssl0.9.8-0.9.8k-5.3mdv2010.0.i586.rpm d780ab4e0e80a66b105f72e41a4d5b54 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.3mdv2010.0.i586.rpm 8faae39210b0c366f619cdb71b1a7321 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.i586.rpm 2247e3b7bff72998d841d650ba25960a 2010.0/i586/openssl-0.9.8k-5.3mdv2010.0.i586.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 331d3064412c7b73baed5d54e7262f51 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.3mdv2010.0.x86_64.rpm 2e90f43a521e108a8adbde35a058d7b9 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 7d102f6bf8bb201654aa518e3b73a27f 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 4b7ad813fd5fdd5785bd94eb3a951244 2010.0/x86_64/openssl-0.9.8k-5.3mdv2010.0.x86_64.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm
Mandriva Linux 2010.1: 8310ac6aa860087de6992e618460f279 2010.1/i586/libopenssl1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm 7e7719b1b5c2f91a6eadfab9dd696b8f 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.5mdv2010.1.i586.rpm 5b5aa8939c69c69c2ab49145aca37173 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.i586.rpm 0e6bd59c1d6b2c459acc5c4d0851246a 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm de46046e9b1e033cccd668b32b70972c 2010.1/i586/openssl-1.0.0a-1.5mdv2010.1.i586.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: c792f3d19c1f9ff50c801feccd600319 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 7f3a6b125fc145e17c140218f3b48a92 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm e5f35fbeadb2f765607325f960de621e 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm 27a8dee6459e0830be1e907f082d25a2 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 4b7863a6c8b883f385613bb7a49af128 2010.1/x86_64/openssl-1.0.0a-1.5mdv2010.1.x86_64.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm
Mandriva Enterprise Server 5: fef62b69a582a93e821a2d802fb4faee mes5/i586/libopenssl0.9.8-0.9.8h-3.8mdvmes5.1.i586.rpm fe3c0cf3596d90cc3be37a944df1753b mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.i586.rpm d5a269adf63ee6d4ce21ea651e208180 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.i586.rpm e410f94c6d8c08270aa1edd5aeb7c177 mes5/i586/openssl-0.9.8h-3.8mdvmes5.1.i586.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: ebec7b3044ee3b3b0ab6c455741e5782 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdvmes5.1.x86_64.rpm 0c201edd531dd53a541739bf6db7f276 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm 83a690e504f6470ffc4bce428ff09199 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm fcef579e52e20393ffd2bbae00b602a8 mes5/x86_64/openssl-0.9.8h-3.8mdvmes5.1.x86_64.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFM49pvmqjQ0CJFipgRAs5xAKDhGJdpzq9ZF6TvhezjZR8zmOQAngCggDa1 vAfiUtuiMqw0BDS3V2tLk/I= =hDGj -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
The fix was developed by Dr Stephen Henson of the OpenSSL core team.
This vulnerability is tracked as CVE-2010-3864
Who is affected?
All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases.
Patch for OpenSSL 0.9.8 releases
Index: ssl/t1_lib.c
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.13.2.27 diff -u -r1.13.2.27 t1_lib.c --- ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27 +++ ssl/t1_lib.c 15 Nov 2010 15:20:14 -0000 @@ -432,14 +432,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -452,7 +461,8 @@
}
else
- s->servername_done = strlen(s->session->tlsext_hostname) == len
- s->servername_done = s->session->tlsext_hostname
- && strlen(s->session->tlsext_hostname) == len
&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
break;
Patch for OpenSSL 1.0.0 releases
Index: ssl/t1_lib.c
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.64.2.14 diff -u -r1.64.2.14 t1_lib.c --- ssl/t1_lib.c 15 Jun 2010 17:25:15 -0000 1.64.2.14 +++ ssl/t1_lib.c 15 Nov 2010 15:26:19 -0000 @@ -714,14 +714,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -734,7 +743,8 @@
}
else
- s->servername_done = strlen(s->session->tlsext_hostname) == len
- s->servername_done = s->session->tlsext_hostname
- && strlen(s->session->tlsext_hostname) == len
&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
break;
@@ -765,15 +775,22 @@ al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s->hit) { - al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ecpointformatlist) + { + al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = 0; + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); sdata = s->session->tlsext_ecpointformatlist; @@ -794,15 +811,22 @@ al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ellipticcurvelist_length = 0; - if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist); - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + if (!s->hit) { - al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ellipticcurvelist) + { + al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = 0; + if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + { + al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; + memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); sdata = s->session->tlsext_ellipticcurvelist;
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20101116.txt
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-10:10.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2010-11-29 Credits: Georgi Guninski, Rob Hulswit Affects: FreeBSD 7.0 and later Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE) 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2) 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6) 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE) 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4) 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16) CVE Name: CVE-2010-2939, CVE-2010-3864
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. The race condition can lead to a buffer overflow. [CVE-2010-3864]
A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]
III. [CVE-2010-3864].
It may be possible to cause a DoS or potentially execute arbitrary in the context of the user connection to a malicious SSL server. [CVE-2010-2939]
IV. Workaround
No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0 and later. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to FreeBSD 7.1, 7.3, 8.0 and 8.1 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 7.x]
fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch
fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc
[FreeBSD 8.x]
fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch
fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/secure/lib/libssl
make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
3) To update your vulnerable system via a binary patch:
Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_7_3 src/UPDATING 1.507.2.34.2.6 src/sys/conf/newvers.sh 1.72.2.16.2.8 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.19 src/sys/conf/newvers.sh 1.72.2.9.2.20 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2 RELENG_8_1 src/UPDATING 1.632.2.14.2.5 src/sys/conf/newvers.sh 1.83.2.10.2.6 src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1 src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.9 src/sys/conf/newvers.sh 1.83.2.6.2.9 src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1 src/crypto/openssl/ssl/t1_lib.c 1.2.4.1
Subversion:
Branch/path Revision
stable/7/ r215997 releng/7.3/ r216063 releng/7.1/ r216063 stable/8/ r215912 releng/8.0/ r216063 releng/8.1/ r216063
VII
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0251", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0b" }, { "model": "ace", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1" }, { "model": "esxi", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.5" }, { "model": "esxi", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0" }, { "model": "esxi", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1" }, { "model": "fusion", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "player", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "vcenter", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "workstation", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6 to v10.6.7" }, { "model": "flash media server", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "3.5.5 before" }, { "model": "flash media server", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.0.1 before" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "opensolaris build snv 134", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.4" }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 131", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 56", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "opensolaris build snv 38", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "opensolaris build snv 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8" }, { "model": "opensolaris build snv 125", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "esxi server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "opensolaris build snv 133", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 129", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "9.1.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.20" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0.1" }, { "model": "opensolaris build snv 35", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash media server", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "4.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0" }, { "model": "opensolaris build snv 134a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "esx server esx410-201101201", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "service health reporter", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "4.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "flash media server", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "3.5.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5300-06" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 1.0.0b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "opensolaris build snv 130", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "opensolaris build snv 121", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "coat systems blue coat reporter", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "9.3.2.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "service health optimizer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0.2" }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5.4" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.21" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5200-10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "opensolaris build snv 98", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "esxi server esxi410-20110120", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "5.0" }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "opensolaris build snv 151a", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris build snv 124", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 118", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.60.5" }, { "model": "stonegate ssl vpn engine", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.4.5" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "opensolaris build snv 123", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.5" }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "9.1.3" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.2" }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "9.2.5.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.60" }, { "model": "opensolaris build snv 119", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 128", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.0" }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "9.1.1" }, { "model": "esxi server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux enterprise sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.1" }, { "model": "project openssl 0.9.8p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux enterprise", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "operations manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.60" }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "opensolaris build snv 71", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "stonegate ssl vpn engine build", "scope": "ne", "trust": 0.3, "vendor": "stonesoft", "version": "1.4.51519" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.3" }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5.3" }, { "model": "opensolaris build snv 28", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "coat systems blue coat reporter", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "8.3.7" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5.1" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "opensolaris build snv 132", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "opensolaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "11" }, { "model": "opensolaris build snv 48", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 137", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "operations manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.01" }, { "model": "opensolaris build snv 37", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flash media server", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "3.5.5" }, { "model": "opensolaris build snv 122", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "esxi server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensolaris build snv 74", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 120", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris svn 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 51", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 136", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "performance manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.10" }, { "model": "performance agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris snv 111b", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 127", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 135", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rc3", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "5.0" }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "44884" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-3864" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rob Hulswit.", "sources": [ { "db": "BID", "id": "44884" } ], "trust": 0.3 }, "cve": "CVE-2010-3864", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CVE-2010-3864", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.9, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-3864", "trust": 1.8, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2010-3864", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a heap-based buffer-overflow vulnerability because the library fails to properly perform bounds-checks on user-supplied input before copying it to an insufficiently sized memory buffer. \nSuccessfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. \nOpenSSL 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a are vulnerable. \nNOTE: This issue affects servers which are multi-threaded and use OpenSSL\u0027s internal caching mechanism. Multi-processed servers or servers with disabled internal caching (like Apache HTTP server and Stunnel) are not affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2011-0003\nSynopsis: Third party component updates for VMware vCenter\n Server, vCenter Update Manager, ESXi and ESX\nIssue date: 2011-02-10\nUpdated on: 2011-02-10 (initial release of advisory)\nCVE numbers: --- Apache Tomcat ---\n CVE-2009-2693 CVE-2009-2901 CVE-2009-2902\n CVE-2009-3548 CVE-2010-2227 CVE-2010-1157\n --- Apache Tomcat Manager ---\n CVE-2010-2928\n --- cURL ---\n CVE-2010-0734\n --- COS Kernel ---\n CVE-2010-1084 CVE-2010-2066 CVE-2010-2070\n CVE-2010-2226 CVE-2010-2248 CVE-2010-2521\n CVE-2010-2524 CVE-2010-0008 CVE-2010-0415\n CVE-2010-0437 CVE-2009-4308 CVE-2010-0003\n CVE-2010-0007 CVE-2010-0307 CVE-2010-1086\n CVE-2010-0410 CVE-2010-0730 CVE-2010-1085\n CVE-2010-0291 CVE-2010-0622 CVE-2010-1087\n CVE-2010-1173 CVE-2010-1437 CVE-2010-1088\n CVE-2010-1187 CVE-2010-1436 CVE-2010-1641\n CVE-2010-3081\n --- Microsoft SQL Express ---\n CVE-2008-5416 CVE-2008-0085 CVE-2008-0086\n CVE-2008-0107 CVE-2008-0106\n --- OpenSSL ---\n CVE-2010-0740 CVE-2010-0433\n CVE-2010-3864 CVE-2010-2939\n --- Oracle (Sun) JRE ---\n CVE-2009-3555 CVE-2010-0082 CVE-2010-0084\n CVE-2010-0085 CVE-2010-0087 CVE-2010-0088\n CVE-2010-0089 CVE-2010-0090 CVE-2010-0091\n CVE-2010-0092 CVE-2010-0093 CVE-2010-0094\n CVE-2010-0095 CVE-2010-0837 CVE-2010-0838\n CVE-2010-0839 CVE-2010-0840 CVE-2010-0841\n CVE-2010-0842 CVE-2010-0843 CVE-2010-0844\n CVE-2010-0845 CVE-2010-0846 CVE-2010-0847\n CVE-2010-0848 CVE-2010-0849 CVE-2010-0850\n CVE-2010-0886 CVE-2010-3556 CVE-2010-3566\n CVE-2010-3567 CVE-2010-3550 CVE-2010-3561\n CVE-2010-3573 CVE-2010-3565 CVE-2010-3568\n CVE-2010-3569 CVE-2010-1321 CVE-2010-3548\n CVE-2010-3551 CVE-2010-3562 CVE-2010-3571\n CVE-2010-3554 CVE-2010-3559 CVE-2010-3572\n CVE-2010-3553 CVE-2010-3549 CVE-2010-3557\n CVE-2010-3541 CVE-2010-3574\n --- pam_krb5 ---\n CVE-2008-3825 CVE-2009-1384\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. \n\n\n2. Relevant releases\n\n vCenter Server 4.1 without Update 1,\n\n vCenter Update Manager 4.1 without Update 1,\n\n ESXi 4.1 without patch ESXi410-201101201-SG,\n\n ESX 4.1 without patch ESX410-201101201-SG. \n\n\n3. Problem Description\n\n a. vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express. \n\n Customers using other database solutions need not update for\n these issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n Update Manager 4.1 Windows Update 1\n Update Manager 4.0 Windows affected, patch pending\n Update Manager 1.0 Windows affected, no patch planned\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * Hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users. \n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1. \n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update. \n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows not affected\n VirtualCenter 2.5 Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows not applicable **\n VirtualCenter 2.5 Windows not applicable **\n\n Update Manager 4.1 Windows not applicable **\n Update Manager 4.0 Windows not applicable **\n Update Manager 1.0 Windows not applicable **\n\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX not applicable **\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows not applicable **\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n Update Manager 4.1 Windows Update 1\n Update Manager 4.0 Windows affected, patch pending\n Update Manager 1.0 Windows affected, no patch planned\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX not applicable **\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX affected, no patch planned\n ESX 3.0.3 ESX affected, no patch planned\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n and CVE-2009-3548. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows not applicable **\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX not applicable **\n ESX 3.0.3 ESX not applicable **\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Apache Tomcat 5.5 family\n\n f. vCenter Server third party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.1 Windows Update 1\n vCenter 4.0 Windows affected, patch pending\n VirtualCenter 2.5 Windows affected, no patch planned\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX any ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n ESXi 4.1 ESXi ESXi410-201101201-SG\n ESXi 4.0 ESXi affected, patch pending\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n h. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.1 ESXi ESXi410-201101201-SG\n ESXi 4.0 ESXi affected, patch pending\n ESXi 3.5 ESXi affected, patch pending\n\n ESX any ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n i. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n j. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update. \n\n Note: This update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201101201-SG\n ESX 4.0 ESX affected, patch pending\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware vCenter Server 4.1 Update 1 and modules\n ----------------------------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n File type: .iso\n md5sum: 729cf247aa5d33ceec431c86377eee1a\n sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0\n\n File type: .zip\n md5sum: fd1441bef48a153f2807f6823790e2f0\n sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19\n\n VMware vSphere Client\n File type: .exe\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESXi 4.1 Installable Update 1\n -----------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html\n http://kb.vmware.com/kb/1027919\n\n File type: .iso\n MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\n SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\n File type: .zip\n MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\n SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\n File type: .zip\n MD5SUM: 67b924618d196dafaf268a7691bd1a0f\n SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \t\n\n ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\n File type: .zip\n MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\n SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \t\n\n VMware Tools CD image for Linux Guest OSes\n File type: .iso\n MD5SUM: dad66fa8ece1dd121c302f45444daa70\n SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n VMware vSphere Client\n File type: .exe\n MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\n SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESXi Installable Update 1 contains the following security bulletins:\n ESXi410-201101201-SG. \n\n ESX 4.1 Update 1\n ----------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html\n http://kb.vmware.com/kb/1029353\n\n ESX 4.1 Update 1 (DVD ISO)\n File type: .iso\n md5sum: b9a275b419a20c7bedf31c0bf64f504e\n sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \t\n\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\n File type: .zip\n md5sum: 2d81a87e994aa2b329036f11d90b4c14\n sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \t\n\n Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\n File type: .zip\n md5sum: 75f8cebfd55d8a81deb57c27def963c2\n sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \t\n\n ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\n File type: .zip\n md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\n sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \t\n\n VMware Tools CD image for Linux Guest OSes\n File type: .iso\n md5sum: dad66fa8ece1dd121c302f45444daa70\n sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n VMware vSphere Client\n File type: .exe\n md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n ESX410-Update01 contains the following security bulletins:\n ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\n Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\n ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330\n\n ESX410-Update01 also contains the following non-security bulletins\n ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\n ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\n ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\n ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\n ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\n ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. \n\n To install an individual bulletin use esxupdate with the -b option. \n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-02-10 VMSA-2011-0003\nInitial security advisory in conjunction with the release of vCenter\nServer 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1\nUpdate 1, and ESX 4.1 Update 1 on 2011-02-10. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9\ndxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX\n=2pVj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824483\nVersion: 1\n\nHPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. \n\nReferences: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS v 1.4 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nHP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers:\nhttp://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: October 09, 2011\n Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n #354139, #382069\n ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0e \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3245\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[ 2 ] CVE-2009-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[ 3 ] CVE-2010-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[ 4 ] CVE-2010-0740\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[ 5 ] CVE-2010-0742\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[ 6 ] CVE-2010-1633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[ 7 ] CVE-2010-2939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[ 8 ] CVE-2010-3864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[ 9 ] CVE-2010-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2125-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 22, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nDebian Bug : 603709\nCVE Id(s) : CVE-2010-3864\n\nA flaw has been found in the OpenSSL TLS server extension code parsing\nwhich on affected servers can be exploited in a buffer overrun attack. \n\nThis upgrade fixes this issue. After the upgrade, any services using the\nopenssl libraries need to be restarted. The checkrestart script from the\ndebian-goodies package or lsof can help to find out which services need\nto be restarted. \n\nA note to users of the tor packages from the Debian backports or Debian\nvolatile: This openssl update causes problems with some versions of tor. \nYou need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2,\nrespectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable\nis not affected by these problems. \n\nFor the stable distribution (lenny), the problem has been fixed in\nopenssl version 0.9.8g-15+lenny9. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.9.8o-3. \n\nWe recommend that you upgrade your openssl packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc\n Size/MD5 checksum: 1973 1efb69f23999507bf2e74f5b848744af\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz\n Size/MD5 checksum: 60451 9aba44ed40b0c9c8ec82bd6cd33c44b8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 2583248 3b3f0cbec4ec28eb310466237648db8f\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 1028998 79fe8cdd601aecd9f956033a04fb8da5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb\n Size/MD5 checksum: 722114 a388304bf86381229c306e79a5e85bf8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb\n Size/MD5 checksum: 4369318 c3cf8c7ec27f86563c34f45e986e17c4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 975850 778916e8b0df8e216121cd5185d7ca43\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb\n Size/MD5 checksum: 638414 9ea111d66ac5f394d35fb69defa5dd27\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 1627632 9f08e1da5cf9279cee4700e89dc6ee6d\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb\n Size/MD5 checksum: 1043320 9ada82a7417c0d714a38c3a7184c2401\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb\n Size/MD5 checksum: 536038 a9c90bb3ad326fa43c1285c1768df046\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 2087048 bded4e624fcf0791ae0885aa18d99123\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 1028894 20784774078f02ef7e9db2ddbd7d5548\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 1490666 700c80efddb108b3e2a65373cc10dcc8\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb\n Size/MD5 checksum: 844426 4cad5651a6d37ab19fb80b05a423598d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 1029206 6c6c35731ecacfc0280520097ee183d4\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb\n Size/MD5 checksum: 540780 3b9ab48015bbd4dfc1ab205b42f1113d\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 2100958 fbf2c222a504e09e30f73cb0740a73a5\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb\n Size/MD5 checksum: 850286 3e656a0805eb31600f8e3e520a2a6e36\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 2268562 8cb4805915dfde8326fde4281c9aaa76\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 969104 805c95116706c82051a5d08efce729e5\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 1047026 2e06d411c0a8764db3504638d3b59ef9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb\n Size/MD5 checksum: 1528456 de6a4129635ee4565696198ce3423674\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb\n Size/MD5 checksum: 634504 bab8594389626190b71ee97bfb46fa71\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 2108452 d75ba6c13fc77dd3eefddde480a05231\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 5393290 14bf0f44b8c802e47834234be834d80b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 2977384 bf4c26767b006694843d036ebdca132a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb\n Size/MD5 checksum: 591782 bf5007e22e4bd31445458a5379086103\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb\n Size/MD5 checksum: 1035868 64085f2b106009533bda0309f08548af\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 2666530 42cdae406ce22e3e538f0d744f043a39\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1465582 33c84255a9515a9a528cbf3df9398ef5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb\n Size/MD5 checksum: 865352 9cbc10e393eb3d30d34ea384c6f1f9f5\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1105090 cc7485d310d4770c2b1e93c6d74dcc2b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb\n Size/MD5 checksum: 1280654 fde186a4983ac6cafcd3d5ec7e1d6f98\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 1025868 8b7f565c4c0a15b15f20f2e074bb503a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 900162 391ac436c8d7ed7b55a8ea9e90c7d8be\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 2307960 227ac5c7b409d061222b94bc40e8cd18\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb\n Size/MD5 checksum: 1622826 8a4f73d6cd497076490404a2dade26ba\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb\n Size/MD5 checksum: 585108 d8447df55a530959b6cd9d5d3039c0da\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 1012186 4a154b5c4d864f7dcd0bf019dfb41c5d\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 1588308 1222eb6b1870602335ef0722b7047b6a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb\n Size/MD5 checksum: 572370 a2535f616be099e9361a55637c3375d3\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 2295070 7446121759684083870d5ae0d26969c0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb\n Size/MD5 checksum: 885668 3745e7c578002628f78f02bd5afeb84f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 1643808 43814c865d098046bc1dca1920820354\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 1047060 5c45e5a5d02f856cb9dc29029d0b5557\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb\n Size/MD5 checksum: 656166 309fdeebe15bbecbe8c55dbd5ddbdd3a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 997540 f4bf73493f3964b8a23bdd424694f079\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb\n Size/MD5 checksum: 2251238 35f6f59b07e57eb538da19545a733d5f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb\n Size/MD5 checksum: 693040 26cab41169c6b8f64ce7936a2ea65a7b\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1051130 f67b4fd152e1175f81022ffd345d6c78\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 2231782 c7796fff8c97bbf0c5ab69440cbd50f9\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1602496 a9595ac98fc11015dd4bb2634416197b\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb\n Size/MD5 checksum: 1024562 ff293933ef4eb5e952659fe7caf82c8b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 2290536 e5c655fbcc524fe7bb56945cc8b2f5d1\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 2146488 d0c17736c2b26a97491e34321ffff3f5\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb\n Size/MD5 checksum: 580510 28ab74855c8a34bb002b44fd7ecb8997\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb\n Size/MD5 checksum: 1043044 d78ffaf44d1177b05fa0cfb02d76128a\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n http://openssl.org/news/secadv_20101116.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n b32e4b6e6b901d72fe4aa24bd0f41f9b 2009.0/i586/libopenssl0.9.8-0.9.8h-3.8mdv2009.0.i586.rpm\n f55512826ad63a1c9c4b60fad54292ac 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdv2009.0.i586.rpm\n eb005af48a71b807ef387f4c54eedd6f 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.i586.rpm\n ed01c1d0ea3fdecc8ba3331541d18d9a 2009.0/i586/openssl-0.9.8h-3.8mdv2009.0.i586.rpm \n a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 007dedca099e812b7b461e720ef5e6f1 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 293194a028c940a27d11549ef84ff182 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 6b1c8ced8640b51bf25761c127b3ed20 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm\n 76bbe5d36d9887cbc753b267b6d3a608 2009.0/x86_64/openssl-0.9.8h-3.8mdv2009.0.x86_64.rpm \n a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n b92acd82153b8987f0bcdb0e277c6f0e 2010.0/i586/libopenssl0.9.8-0.9.8k-5.3mdv2010.0.i586.rpm\n d780ab4e0e80a66b105f72e41a4d5b54 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.3mdv2010.0.i586.rpm\n 8faae39210b0c366f619cdb71b1a7321 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.i586.rpm\n 2247e3b7bff72998d841d650ba25960a 2010.0/i586/openssl-0.9.8k-5.3mdv2010.0.i586.rpm \n 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 331d3064412c7b73baed5d54e7262f51 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 2e90f43a521e108a8adbde35a058d7b9 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 7d102f6bf8bb201654aa518e3b73a27f 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm\n 4b7ad813fd5fdd5785bd94eb3a951244 2010.0/x86_64/openssl-0.9.8k-5.3mdv2010.0.x86_64.rpm \n 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 8310ac6aa860087de6992e618460f279 2010.1/i586/libopenssl1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm\n 7e7719b1b5c2f91a6eadfab9dd696b8f 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.5mdv2010.1.i586.rpm\n 5b5aa8939c69c69c2ab49145aca37173 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.i586.rpm\n 0e6bd59c1d6b2c459acc5c4d0851246a 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm\n de46046e9b1e033cccd668b32b70972c 2010.1/i586/openssl-1.0.0a-1.5mdv2010.1.i586.rpm \n f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n c792f3d19c1f9ff50c801feccd600319 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 7f3a6b125fc145e17c140218f3b48a92 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm\n e5f35fbeadb2f765607325f960de621e 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 27a8dee6459e0830be1e907f082d25a2 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm\n 4b7863a6c8b883f385613bb7a49af128 2010.1/x86_64/openssl-1.0.0a-1.5mdv2010.1.x86_64.rpm \n f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm\n\n Mandriva Enterprise Server 5:\n fef62b69a582a93e821a2d802fb4faee mes5/i586/libopenssl0.9.8-0.9.8h-3.8mdvmes5.1.i586.rpm\n fe3c0cf3596d90cc3be37a944df1753b mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.i586.rpm\n d5a269adf63ee6d4ce21ea651e208180 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.i586.rpm\n e410f94c6d8c08270aa1edd5aeb7c177 mes5/i586/openssl-0.9.8h-3.8mdvmes5.1.i586.rpm \n aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n ebec7b3044ee3b3b0ab6c455741e5782 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n 0c201edd531dd53a541739bf6db7f276 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n 83a690e504f6470ffc4bce428ff09199 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm\n fcef579e52e20393ffd2bbae00b602a8 mes5/x86_64/openssl-0.9.8h-3.8mdvmes5.1.x86_64.rpm \n aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFM49pvmqjQ0CJFipgRAs5xAKDhGJdpzq9ZF6TvhezjZR8zmOQAngCggDa1\nvAfiUtuiMqw0BDS3V2tLk/I=\n=hDGj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nThe fix was developed by Dr Stephen Henson of the OpenSSL core team. \n\nThis vulnerability is tracked as CVE-2010-3864\n\nWho is affected?\n=================\n\nAll versions of OpenSSL supporting TLS extensions contain this vulnerability\nincluding OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases. \n\nPatch for OpenSSL 0.9.8 releases\n================================\n\nIndex: ssl/t1_lib.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v\nretrieving revision 1.13.2.27\ndiff -u -r1.13.2.27 t1_lib.c\n--- ssl/t1_lib.c\t12 Jun 2010 13:18:58 -0000\t1.13.2.27\n+++ ssl/t1_lib.c\t15 Nov 2010 15:20:14 -0000\n@@ -432,14 +432,23 @@\n \t\t\t\tswitch (servname_type)\n \t\t\t\t\t{\n \t\t\t\tcase TLSEXT_NAMETYPE_host_name:\n-\t\t\t\t\tif (s-\u003esession-\u003etlsext_hostname == NULL)\n+\t\t\t\t\tif (!s-\u003ehit)\n \t\t\t\t\t\t{\n-\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name || \n-\t\t\t\t\t\t\t((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL))\n+\t\t\t\t\t\tif(s-\u003esession-\u003etlsext_hostname)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = SSL_AD_DECODE_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name)\n \t\t\t\t\t\t\t{\n \t\t\t\t\t\t\t*al = TLS1_AD_UNRECOGNIZED_NAME;\n \t\t\t\t\t\t\treturn 0;\n \t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif ((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n \t\t\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_hostname, sdata, len);\n \t\t\t\t\t\ts-\u003esession-\u003etlsext_hostname[len]=\u0027\\0\u0027;\n \t\t\t\t\t\tif (strlen(s-\u003esession-\u003etlsext_hostname) != len) {\n@@ -452,7 +461,8 @@\n \n \t\t\t\t\t\t}\n \t\t\t\t\telse \n-\t\t\t\t\t\ts-\u003eservername_done = strlen(s-\u003esession-\u003etlsext_hostname) == len \n+\t\t\t\t\t\ts-\u003eservername_done = s-\u003esession-\u003etlsext_hostname\n+\t\t\t\t\t\t\t\u0026\u0026 strlen(s-\u003esession-\u003etlsext_hostname) == len \n \t\t\t\t\t\t\t\u0026\u0026 strncmp(s-\u003esession-\u003etlsext_hostname, (char *)sdata, len) == 0;\n \t\t\t\t\t\n \t\t\t\t\tbreak;\n\nPatch for OpenSSL 1.0.0 releases\n================================\n\nIndex: ssl/t1_lib.c\n===================================================================\nRCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v\nretrieving revision 1.64.2.14\ndiff -u -r1.64.2.14 t1_lib.c\n--- ssl/t1_lib.c\t15 Jun 2010 17:25:15 -0000\t1.64.2.14\n+++ ssl/t1_lib.c\t15 Nov 2010 15:26:19 -0000\n@@ -714,14 +714,23 @@\n \t\t\t\tswitch (servname_type)\n \t\t\t\t\t{\n \t\t\t\tcase TLSEXT_NAMETYPE_host_name:\n-\t\t\t\t\tif (s-\u003esession-\u003etlsext_hostname == NULL)\n+\t\t\t\t\tif (!s-\u003ehit)\n \t\t\t\t\t\t{\n-\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name || \n-\t\t\t\t\t\t\t((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL))\n+\t\t\t\t\t\tif(s-\u003esession-\u003etlsext_hostname)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = SSL_AD_DECODE_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif (len \u003e TLSEXT_MAXLEN_host_name)\n \t\t\t\t\t\t\t{\n \t\t\t\t\t\t\t*al = TLS1_AD_UNRECOGNIZED_NAME;\n \t\t\t\t\t\t\treturn 0;\n \t\t\t\t\t\t\t}\n+\t\t\t\t\t\tif ((s-\u003esession-\u003etlsext_hostname = OPENSSL_malloc(len+1)) == NULL)\n+\t\t\t\t\t\t\t{\n+\t\t\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\t\t\treturn 0;\n+\t\t\t\t\t\t\t}\n \t\t\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_hostname, sdata, len);\n \t\t\t\t\t\ts-\u003esession-\u003etlsext_hostname[len]=\u0027\\0\u0027;\n \t\t\t\t\t\tif (strlen(s-\u003esession-\u003etlsext_hostname) != len) {\n@@ -734,7 +743,8 @@\n \n \t\t\t\t\t\t}\n \t\t\t\t\telse \n-\t\t\t\t\t\ts-\u003eservername_done = strlen(s-\u003esession-\u003etlsext_hostname) == len \n+\t\t\t\t\t\ts-\u003eservername_done = s-\u003esession-\u003etlsext_hostname\n+\t\t\t\t\t\t\t\u0026\u0026 strlen(s-\u003esession-\u003etlsext_hostname) == len \n \t\t\t\t\t\t\t\u0026\u0026 strncmp(s-\u003esession-\u003etlsext_hostname, (char *)sdata, len) == 0;\n \t\t\t\t\t\n \t\t\t\t\tbreak;\n@@ -765,15 +775,22 @@\n \t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n \t\t\t\treturn 0;\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = 0;\n-\t\t\tif (s-\u003esession-\u003etlsext_ecpointformatlist != NULL) OPENSSL_free(s-\u003esession-\u003etlsext_ecpointformatlist);\n-\t\t\tif ((s-\u003esession-\u003etlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)\n+\t\t\tif (!s-\u003ehit)\n \t\t\t\t{\n-\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n-\t\t\t\treturn 0;\n+\t\t\t\tif(s-\u003esession-\u003etlsext_ecpointformatlist)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = 0;\n+\t\t\t\tif ((s-\u003esession-\u003etlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = ecpointformatlist_length;\n+\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_ecpointformatlist, sdata, ecpointformatlist_length);\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ecpointformatlist_length = ecpointformatlist_length;\n-\t\t\tmemcpy(s-\u003esession-\u003etlsext_ecpointformatlist, sdata, ecpointformatlist_length);\n #if 0\n \t\t\tfprintf(stderr,\"ssl_parse_clienthello_tlsext s-\u003esession-\u003etlsext_ecpointformatlist (length=%i) \", s-\u003esession-\u003etlsext_ecpointformatlist_length);\n \t\t\tsdata = s-\u003esession-\u003etlsext_ecpointformatlist;\n@@ -794,15 +811,22 @@\n \t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n \t\t\t\treturn 0;\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = 0;\n-\t\t\tif (s-\u003esession-\u003etlsext_ellipticcurvelist != NULL) OPENSSL_free(s-\u003esession-\u003etlsext_ellipticcurvelist);\n-\t\t\tif ((s-\u003esession-\u003etlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)\n+\t\t\tif (!s-\u003ehit)\n \t\t\t\t{\n-\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n-\t\t\t\treturn 0;\n+\t\t\t\tif(s-\u003esession-\u003etlsext_ellipticcurvelist)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_DECODE_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = 0;\n+\t\t\t\tif ((s-\u003esession-\u003etlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)\n+\t\t\t\t\t{\n+\t\t\t\t\t*al = TLS1_AD_INTERNAL_ERROR;\n+\t\t\t\t\treturn 0;\n+\t\t\t\t\t}\n+\t\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = ellipticcurvelist_length;\n+\t\t\t\tmemcpy(s-\u003esession-\u003etlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);\n \t\t\t\t}\n-\t\t\ts-\u003esession-\u003etlsext_ellipticcurvelist_length = ellipticcurvelist_length;\n-\t\t\tmemcpy(s-\u003esession-\u003etlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);\n #if 0\n \t\t\tfprintf(stderr,\"ssl_parse_clienthello_tlsext s-\u003esession-\u003etlsext_ellipticcurvelist (length=%i) \", s-\u003esession-\u003etlsext_ellipticcurvelist_length);\n \t\t\tsdata = s-\u003esession-\u003etlsext_ellipticcurvelist;\n\n\nReferences\n===========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20101116.txt\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-10:10.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2010-11-29\nCredits: Georgi Guninski, Rob Hulswit\nAffects: FreeBSD 7.0 and later\nCorrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE)\n 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2)\n 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6)\n 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE)\n 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4)\n 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16)\nCVE Name: CVE-2010-2939, CVE-2010-3864\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. The race condition can lead to\na buffer overflow. [CVE-2010-3864]\n\nA double free exists in the SSL client ECDH handling code, when\nprocessing specially crafted public keys with invalid prime\nnumbers. [CVE-2010-2939]\n\nIII. [CVE-2010-3864]. \n\nIt may be possible to cause a DoS or potentially execute arbitrary in\nthe context of the user connection to a malicious SSL server. \n[CVE-2010-2939]\n\nIV. Workaround\n\nNo workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0\nand later. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the\nRELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch\ndated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to FreeBSD 7.1, 7.3,\n8.0 and 8.1 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc\n\n[FreeBSD 8.x]\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nlib32 (i386 compatibility) libraries. On amd64 systems where the i386\ncompatibility libraries are used, the operating system should instead\nbe recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\n3) To update your vulnerable system via a binary patch:\n\nSystems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE\non the i386 or amd64 platforms can be updated via the\nfreebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_7_3\n src/UPDATING 1.507.2.34.2.6\n src/sys/conf/newvers.sh 1.72.2.16.2.8\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.19\n src/sys/conf/newvers.sh 1.72.2.9.2.20\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2\nRELENG_8_1\n src/UPDATING 1.632.2.14.2.5\n src/sys/conf/newvers.sh 1.83.2.10.2.6\n src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1\n src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1\nRELENG_8_0\n src/UPDATING 1.632.2.7.2.9\n src/sys/conf/newvers.sh 1.83.2.6.2.9\n src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1\n src/crypto/openssl/ssl/t1_lib.c 1.2.4.1\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/7/ r215997\nreleng/7.3/ r216063\nreleng/7.1/ r216063\nstable/8/ r215912\nreleng/8.0/ r216063\nreleng/8.1/ r216063\n- -------------------------------------------------------------------------\n\nVII", "sources": [ { "db": "NVD", "id": "CVE-2010-3864" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "BID", "id": "44884" }, { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "96068" }, { "db": "PACKETSTORM", "id": "95943" }, { "db": "PACKETSTORM", "id": "95934" }, { "db": "PACKETSTORM", "id": "96248" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-3864", "trust": 2.9 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "SECUNIA", "id": "42243", "trust": 1.9 }, { "db": "SECTRACK", "id": "1024743", "trust": 1.8 }, { "db": "SECUNIA", "id": "42309", "trust": 1.1 }, { "db": "SECUNIA", "id": "43312", "trust": 1.1 }, { "db": "SECUNIA", "id": "44269", "trust": 1.1 }, { "db": "SECUNIA", "id": "42336", "trust": 1.1 }, { "db": "SECUNIA", "id": "42413", "trust": 1.1 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "SECUNIA", "id": "42241", "trust": 1.1 }, { "db": "SECUNIA", "id": "42397", "trust": 1.1 }, { "db": "SECUNIA", "id": "42352", "trust": 1.1 }, { "db": "BID", "id": "44884", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-3077", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2010-3097", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2010-3121", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2010-3041", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2010-3001", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91284469", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2010-002486", "trust": 0.8 }, { "db": "VUPEN", "id": "2010/3097", "trust": 0.1 }, { "db": "VUPEN", "id": "2010/3121", "trust": 0.1 }, { "db": "VUPEN", "id": "2010/3041", "trust": 0.1 }, { "db": "VUPEN", "id": "2010/3077", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-3864", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98419", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101256", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105638", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96068", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95943", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "95934", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96248", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "BID", "id": "44884" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "96068" }, { "db": "PACKETSTORM", "id": "95943" }, { "db": "PACKETSTORM", "id": "95934" }, { "db": "PACKETSTORM", "id": "96248" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "id": "VAR-201011-0251", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.11111111 }, "last_update_date": "2022-06-28T21:16:16.795000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-11", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html" }, { "title": "APSB11-11", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb11-11.html" }, { "title": "HT4723", "trust": 0.8, "url": "http://support.apple.com/kb/ht4723" }, { "title": "HPSBUX02638", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c02737002" }, { "title": "secadv_20101116", "trust": 0.8, "url": "http://openssl.org/news/secadv_20101116.txt" }, { "title": "RHSA-2010:0888", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0888.html" }, { "title": "VMSA-2011-0003", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html" }, { "title": "Ubuntu Security Notice: openssl vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1018-1" }, { "title": "Debian Security Advisories: DSA-2125-1 openssl -- buffer overflow", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=23cb8e933fce5e73fcc12f7bd731374b" }, { "title": "Symantec Security Advisories: SA68 : Multiple SSL/TLS vulnerabilities in Reporter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=79f3486c7600ac3aeeb5401f9ee75fd3" }, { "title": "Splunk Security Announcements: Splunk 4.1.6 updates OpenSSL to 0.9.8p address CVE-2010-3864 - December 1st, 2010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=a480dd0eb83fa64bb2d868edfd9943df" }, { "title": "VMware Security Advisories: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://secunia.com/advisories/42243" }, { "trust": 1.9, "url": "http://securitytracker.com/id?1024743" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.4, "url": "https://rhn.redhat.com/errata/rhsa-2010-0888.html" }, { "trust": 1.4, "url": "http://blogs.sun.com/security/entry/cve_2010_3864_race_condition" }, { "trust": 1.4, "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.2, "url": "http://openssl.org/news/secadv_20101116.txt" }, { "trust": 1.2, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=649304" }, { "trust": 1.2, "url": "http://security.freebsd.org/advisories/freebsd-sa-10:10.openssl.asc" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051255.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42336" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42352" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42397" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051237.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051170.html" }, { "trust": 1.1, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42309" }, { "trust": 1.1, "url": "http://www.debian.org/security/2010/dsa-2125" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3121" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3041" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42413" }, { "trust": 1.1, "url": "http://secunia.com/advisories/42241" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/3077" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html" }, { "trust": 1.1, "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html" }, { "trust": 1.1, "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43312" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44269" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht4723" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132828103218869\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129916880600544\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu976710" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu91284469/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3864" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/44884" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2010/3001" }, { "trust": 0.5, "url": "http://www.openssl.org/news/secadv_20101116.txt" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3864" }, { "trust": 0.3, "url": "https://my.stonesoft.com/support/attachment.do?docid=6410\u0026file=ssl-vpn_1.4.5-rlnt.pdf" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03179825" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa68" }, { "trust": 0.3, "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-012.txt.asc" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "/archive/1/516801" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131810" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/362.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1018-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1027919" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1031330" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0003" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1027904" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886" }, { "trust": 0.1, "url": "http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3825" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5416" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1384" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4308" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0007" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844" }, { "trust": 0.1, "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1029353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0085" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0106" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:10/openssl.patch" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:10/openssl7.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:10/openssl7.patch.asc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2939" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:10/openssl.patch.asc" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "BID", "id": "44884" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "96068" }, { "db": "PACKETSTORM", "id": "95943" }, { "db": "PACKETSTORM", "id": "95934" }, { "db": "PACKETSTORM", "id": "96248" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2010-3864" }, { "db": "BID", "id": "44884" }, { "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "db": "PACKETSTORM", "id": "98419" }, { "db": "PACKETSTORM", "id": "101256" }, { "db": "PACKETSTORM", "id": "105638" }, { "db": "PACKETSTORM", "id": "96068" }, { "db": "PACKETSTORM", "id": "95943" }, { "db": "PACKETSTORM", "id": "95934" }, { "db": "PACKETSTORM", "id": "96248" }, { "db": "NVD", "id": "CVE-2010-3864" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2010-11-17T00:00:00", "db": "VULMON", "id": "CVE-2010-3864" }, { "date": "2010-11-16T00:00:00", "db": "BID", "id": "44884" }, { "date": "2010-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "date": "2011-02-11T13:13:00", "db": "PACKETSTORM", "id": "98419" }, { "date": "2011-05-10T00:44:30", "db": "PACKETSTORM", "id": "101256" }, { "date": "2011-10-09T16:42:00", "db": "PACKETSTORM", "id": "105638" }, { "date": "2010-11-23T19:08:44", "db": "PACKETSTORM", "id": "96068" }, { "date": "2010-11-18T01:04:10", "db": "PACKETSTORM", "id": "95943" }, { "date": "2010-11-18T00:30:27", "db": "PACKETSTORM", "id": "95934" }, { "date": "2010-12-01T04:32:28", "db": "PACKETSTORM", "id": "96248" }, { "date": "2010-11-17T16:00:00", "db": "NVD", "id": "CVE-2010-3864" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2018-10-10T00:00:00", "db": "VULMON", "id": "CVE-2010-3864" }, { "date": "2015-04-13T20:36:00", "db": "BID", "id": "44884" }, { "date": "2012-06-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002486" }, { "date": "2018-10-10T20:05:00", "db": "NVD", "id": "CVE-2010-3864" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "44884" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "44884" } ], "trust": 0.3 } }
var-201110-0395
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'AWT' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products.
SOLUTION: Update to a fixed version. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557).
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0395", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50211" }, { "db": "CNNVD", "id": "CNNVD-201110-490" }, { "db": "NVD", "id": "CVE-2011-3548" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-490" } ], "trust": 0.6 }, "cve": "CVE-2011-3548", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-3548", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3548", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201110-490", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2011-3548", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3548" }, { "db": "CNNVD", "id": "CNNVD-201110-490" }, { "db": "NVD", "id": "CVE-2011-3548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027AWT\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nSOLUTION:\nUpdate to a fixed version. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3556). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3557). \n \n Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)\n implementation in the IcedTea project Web browser plugin. A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2011:1380-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html\nIssue date: 2011-10-18\nCVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 \n CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. A remote RMI client could use this flaw to execute\narbitrary code on the RMI server running the registry. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. (CVE-2011-3560)\n\nA flaw was found in the way the SSL 3 and TLS 1.0 protocols used block\nciphers in cipher-block chaining (CBC) mode. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property. \nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command. \n\nAn information leak flaw was found in the InputStream.skip implementation. \nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information. \n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system. \n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU\n1E1DMZpv3ExBmKhD4Emi2no=\n=sMXo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3548" }, { "db": "BID", "id": "50211" }, { "db": "VULMON", "id": "CVE-2011-3548" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3548", "trust": 2.7 }, { "db": "BID", "id": "50211", "trust": 2.0 }, { "db": "OSVDB", "id": "76495", "trust": 1.1 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "NSFOCUS", "id": "17989", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-490", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105967", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3548" }, { "db": "BID", "id": "50211" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-490" }, { "db": "NVD", "id": "CVE-2011-3548" } ] }, "id": "VAR-201110-0395", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T21:37:56.036000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.5.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20111478 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3548" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3548" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.9, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50211" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://osvdb.org/76495" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70845" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14492" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/17989" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.4, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.4, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0006" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/news" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1380.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3548" }, { "db": "BID", "id": "50211" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-490" }, { "db": "NVD", "id": "CVE-2011-3548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3548" }, { "db": "BID", "id": "50211" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-490" }, { "db": "NVD", "id": "CVE-2011-3548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3548" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50211" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-01-09T22:38:38", "db": "PACKETSTORM", "id": "108498" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "2011-10-19T00:58:21", "db": "PACKETSTORM", "id": "105967" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-490" }, { "date": "2011-10-19T21:55:01.283000", "db": "NVD", "id": "CVE-2011-3548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3548" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50211" }, { "date": "2011-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-490" }, { "date": "2018-01-06T02:29:19.910000", "db": "NVD", "id": "CVE-2011-3548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-490" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle \u2018 Java Runtime Environment \u2019 Component security vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-490" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-490" } ], "trust": 0.6 } }
var-201110-0380
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Swing' sub-component. This vulnerability affects the following supported versions: 6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. 6) - x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03316985
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03316985 Version: 1
HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-05-15 Last Updated: 2012-05-15
Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP is providing the following Java updates to resolve the vulnerabilities. The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jpi14.JPI14-COM Jpi14.JPI14-COM-DOC Jpi14.JPI14-IPF32 Jpi14.JPI14-PA11 Jdk14.JDK14-COM Jdk14.JDK14-DEMO Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W Jdk14.JDK14-PNV2 Jdk14.JDK14-PWV2 Jre14.JRE14-COM Jre14.JRE14-COM-DOC Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-PNV2 Jre14.JRE14-PNV2-H Jre14.JRE14-PWV2 Jre14.JRE14-PWV2-H action: install revision 1.4.2.28.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0380", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_33" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 31" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "sdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_33" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50223" }, { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "NVD", "id": "CVE-2011-3549" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:sdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002583" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" } ], "trust": 0.5 }, "cve": "CVE-2011-3549", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-3549", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3549", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-3549", "trust": 0.8, "value": "High" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "NVD", "id": "CVE-2011-3549" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Swing\u0027 sub-component. \nThis vulnerability affects the following supported versions:\n6 Update 27, 5.0 Update 31, 1.4.2_33. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. 6) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. (CVE-2011-3389,\nCVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,\nCVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,\nCVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 29 and resolve these issues. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03316985\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03316985\nVersion: 1\n\nHPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial\nof Service (DoS), Unauthorized Modification and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-05-15\nLast Updated: 2012-05-15\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of service, unauthorized\nmodification and disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities may allow remote Denial of Service (DoS), unauthorized\nmodification and disclosure of information. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is providing the following Java updates to resolve the vulnerabilities. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant:\nHP-UX Software Assistant is an enhanced application that replaces HP-UX\nSecurity Patch Check. It analyzes all HP-issued Security Bulletins and lists\nrecommended actions that may apply to a specific HP-UX system. It can also\ndownload patches and create a depot automatically. For more information see:\nhttps://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJpi14.JPI14-COM\nJpi14.JPI14-COM-DOC\nJpi14.JPI14-IPF32\nJpi14.JPI14-PA11\nJdk14.JDK14-COM\nJdk14.JDK14-DEMO\nJdk14.JDK14-IPF32\nJdk14.JDK14-IPF64\nJdk14.JDK14-PA11\nJdk14.JDK14-PA20\nJdk14.JDK14-PA20W\nJdk14.JDK14-PNV2\nJdk14.JDK14-PWV2\nJre14.JRE14-COM\nJre14.JRE14-COM-DOC\nJre14.JRE14-IPF32\nJre14.JRE14-IPF32-HS\nJre14.JRE14-IPF64\nJre14.JRE14-IPF64-HS\nJre14.JRE14-PA11\nJre14.JRE14-PA11-HS\nJre14.JRE14-PA20\nJre14.JRE14-PA20-HS\nJre14.JRE14-PA20W\nJre14.JRE14-PA20W-HS\nJre14.JRE14-PNV2\nJre14.JRE14-PNV2-H\nJre14.JRE14-PWV2\nJre14.JRE14-PWV2-H\naction: install revision 1.4.2.28.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3549" }, { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "BID", "id": "50223" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "112826" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3549", "trust": 2.9 }, { "db": "BID", "id": "50223", "trust": 1.3 }, { "db": "SECUNIA", "id": "48308", "trust": 1.0 }, { "db": "SECUNIA", "id": "49198", "trust": 1.0 }, { "db": "SECUNIA", "id": "48692", "trust": 1.0 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002583", "trust": 0.8 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "107305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "50223" }, { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3549" } ] }, "id": "VAR-201110-0380", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T20:42:49.447000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "RHSA-2011:1478", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1478.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002583" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3549" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.5, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48308" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.0, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/50223" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70844" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13885" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3549" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3549" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.5, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.hp.com/go/java" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1478.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0343.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" } ], "sources": [ { "db": "BID", "id": "50223" }, { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3549" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "50223" }, { "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "NVD", "id": "CVE-2011-3549" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50223" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "date": "2011-11-24T19:22:00", "db": "PACKETSTORM", "id": "107305" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-02-29T16:04:30", "db": "PACKETSTORM", "id": "110287" }, { "date": "2012-04-06T02:42:03", "db": "PACKETSTORM", "id": "111633" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-01-09T22:38:38", "db": "PACKETSTORM", "id": "108498" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2011-10-19T21:55:01.330000", "db": "NVD", "id": "CVE-2011-3549" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50223" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002583" }, { "date": "2018-01-06T02:29:20.050000", "db": "NVD", "id": "CVE-2011-3549" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "50223" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002583" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "50223" } ], "trust": 0.3 } }
var-201110-0392
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists because Java does not sufficiently verify parameters certain functions. The function MixerSequencer.nAddControllerEventCallback fails to check for negative index numbers before writing user supplied data into a static array. This allows a malicious applet to write user controlled data outside the array boundaries resulting in remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the 'Sound' sub-component. This vulnerability affects the following supported versions: 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2011:1478-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1478.html Issue date: 2011-11-24 CVE Names: CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3554 CVE-2011-3556 =====================================================================
- Summary:
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm
ppc: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc64.rpm
s390: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390.rpm
s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390x.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm
ppc: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc64.rpm
s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390x.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm
ppc64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.ppc64.rpm
s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.s390x.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm
x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOzmt6XlSAg2UNWIIRAi6QAKDBjSeCRF5ohy6oBxvlL2bKiIywSACeKzcH 3KDDc4HKBfG2KfDqGTHcd5E= =Nb9O -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. More details can be found at:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
-- Disclosure Timeline: 2011-05-12 - Vulnerability reported to vendor 2011-10-26 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by:
- axtaxt
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. 6) - x86_64
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0392", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jrockit", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "r28.1.4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "java runtime", "scope": null, "trust": 0.7, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "BID", "id": "50220" }, { "db": "CNNVD", "id": "CNNVD-201110-486" }, { "db": "NVD", "id": "CVE-2011-3545" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "axtaxt", "sources": [ { "db": "ZDI", "id": "ZDI-11-307" } ], "trust": 0.7 }, "cve": "CVE-2011-3545", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-3545", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3545", "impactScore": 8.5, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3545", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2011-3545", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201110-486", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "CNNVD", "id": "CNNVD-201110-486" }, { "db": "NVD", "id": "CVE-2011-3545" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists because Java does not sufficiently verify parameters certain functions. The function MixerSequencer.nAddControllerEventCallback fails to check for negative index numbers before writing user supplied data into a static array. This allows a malicious applet to write user controlled data outside the array boundaries resulting in remote code execution under the context of the current user. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Sound\u0027 sub-component. \nThis vulnerability affects the following supported versions:\n6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.5.0-ibm security update\nAdvisory ID: RHSA-2011:1478-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1478.html\nIssue date: 2011-11-24\nCVE Names: CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 \n CVE-2011-3549 CVE-2011-3552 CVE-2011-3554 \n CVE-2011-3556 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.5.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2011-3545, CVE-2011-3547,\nCVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR13 Java release. All running instances\nof IBM Java must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm\n\nppc:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc64.rpm\n\ns390:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390x.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm\n\nppc:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm\n\nppc64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.ppc64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.ppc.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.ppc.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.ppc64.rpm\n\ns390x:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.s390x.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.s390x.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390x.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.s390.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.s390x.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm\njava-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\njava-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOzmt6XlSAg2UNWIIRAi6QAKDBjSeCRF5ohy6oBxvlL2bKiIywSACeKzcH\n3KDDc4HKBfG2KfDqGTHcd5E=\n=Nb9O\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. More details\ncan be found at:\n\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n\n\n-- Disclosure Timeline:\n2011-05-12 - Vulnerability reported to vendor\n2011-10-26 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n\n* axtaxt\n\n\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. 6) - x86_64\n\n3. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3545" }, { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "BID", "id": "50220" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "106269" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3545", "trust": 3.4 }, { "db": "BID", "id": "50220", "trust": 1.9 }, { "db": "ZDI", "id": "ZDI-11-307", "trust": 1.1 }, { "db": "SECUNIA", "id": "48308", "trust": 1.0 }, { "db": "SECUNIA", "id": "49198", "trust": 1.0 }, { "db": "SECUNIA", "id": "48692", "trust": 1.0 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1218", "trust": 0.7 }, { "db": "NSFOCUS", "id": "18002", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-486", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106269", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "BID", "id": "50220" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "106269" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "CNNVD", "id": "CNNVD-201110-486" }, { "db": "NVD", "id": "CVE-2011-3545" } ] }, "id": "VAR-201110-0392", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T21:37:24.193000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-307" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3545" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/50220" }, { "trust": 1.5, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48308" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.0, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70848" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14180" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18002" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-307/" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "http://www.hp.com/go/java" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1478.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/" }, { "trust": 0.1, "url": "http://twitter.com/thezdi" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-307" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0343.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "BID", "id": "50220" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "106269" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "CNNVD", "id": "CNNVD-201110-486" }, { "db": "NVD", "id": "CVE-2011-3545" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-11-307" }, { "db": "BID", "id": "50220" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "107305" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "106269" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110287" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "CNNVD", "id": "CNNVD-201110-486" }, { "db": "NVD", "id": "CVE-2011-3545" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-26T00:00:00", "db": "ZDI", "id": "ZDI-11-307" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50220" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-24T19:22:00", "db": "PACKETSTORM", "id": "107305" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2011-10-26T23:20:02", "db": "PACKETSTORM", "id": "106269" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-02-29T16:04:30", "db": "PACKETSTORM", "id": "110287" }, { "date": "2012-04-06T02:42:03", "db": "PACKETSTORM", "id": "111633" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-486" }, { "date": "2011-10-19T21:55:01.143000", "db": "NVD", "id": "CVE-2011-3545" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-26T00:00:00", "db": "ZDI", "id": "ZDI-11-307" }, { "date": "2017-08-02T18:10:00", "db": "BID", "id": "50220" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-486" }, { "date": "2018-01-06T02:29:19.537000", "db": "NVD", "id": "CVE-2011-3545" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106269" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "CNNVD", "id": "CNNVD-201110-486" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-11-307" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-486" } ], "trust": 0.6 } }
var-201110-0389
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. The vulnerability can be exploited over multiple protocols. This issue affects the 'HotSpot' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products.
SOLUTION: Update to a fixed version. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32
http://security.gentoo.org/
Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32
Synopsis
Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.
Workaround
There is no known workaround at this time.
Resolution
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556).
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557).
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0389", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "hp systems insight manager", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "7.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50242" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "CNNVD", "id": "CNNVD-201110-476" }, { "db": "NVD", "id": "CVE-2011-3558" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:systems_insight_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002592" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50242" }, { "db": "CNNVD", "id": "CNNVD-201110-476" } ], "trust": 0.9 }, "cve": "CVE-2011-3558", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3558", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3558", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-3558", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201110-476", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3558", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "CNNVD", "id": "CNNVD-201110-476" }, { "db": "NVD", "id": "CVE-2011-3558" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027HotSpot\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nSOLUTION:\nUpdate to a fixed version. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: IcedTea JDK: Multiple vulnerabilities\n Date: June 29, 2014\n Bugs: #312297, #330205, #340819, #346799, #352035, #353418,\n #354231, #355127, #370787, #387637, #404095, #421031,\n #429522, #433389, #438750, #442478, #457206, #458410,\n #461714, #466822, #477210, #489570, #508270\n ID: 201406-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the IcedTea JDK, the worst\nof which could lead to arbitrary code execution. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/icedtea-bin \u003c 6.1.13.3 \u003e= 6.1.13.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, cause a Denial of Service condition, obtain\nsensitive information, bypass intended security policies, or have other\nunspecified impact. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll IcedTea JDK users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/icedtea-bin-6.1.13.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2010-2548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548\n[ 3 ] CVE-2010-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783\n[ 4 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 5 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 6 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 7 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 8 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 9 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 10 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 11 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 12 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 13 ] CVE-2010-3564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564\n[ 14 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 15 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 16 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 17 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 18 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 19 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 20 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 21 ] CVE-2010-3860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860\n[ 22 ] CVE-2010-4351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351\n[ 23 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 24 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 25 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 26 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 27 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 28 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 29 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 30 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 31 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 32 ] CVE-2011-0025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025\n[ 33 ] CVE-2011-0706\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706\n[ 34 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 35 ] CVE-2011-0822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822\n[ 36 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 37 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 38 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 39 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 40 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 41 ] CVE-2011-0870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870\n[ 42 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 43 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 44 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 45 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 46 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 47 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 48 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 49 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 50 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 51 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 52 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 53 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 54 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 55 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 56 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 57 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 58 ] CVE-2011-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571\n[ 59 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 60 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 61 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 62 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 63 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 64 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 65 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 66 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 67 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 68 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 69 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 70 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 71 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 72 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 73 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 74 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 75 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 76 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 77 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 78 ] CVE-2012-3422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422\n[ 79 ] CVE-2012-3423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423\n[ 80 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 81 ] CVE-2012-4540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540\n[ 82 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 83 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 84 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 85 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 86 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 87 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 88 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 89 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 90 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 91 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 92 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 93 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 94 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 95 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 96 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 97 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 98 ] CVE-2012-5979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979\n[ 99 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 100 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 101 ] CVE-2013-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424\n[ 102 ] CVE-2013-0425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425\n[ 103 ] CVE-2013-0426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426\n[ 104 ] CVE-2013-0427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427\n[ 105 ] CVE-2013-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428\n[ 106 ] CVE-2013-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429\n[ 107 ] CVE-2013-0431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431\n[ 108 ] CVE-2013-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432\n[ 109 ] CVE-2013-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433\n[ 110 ] CVE-2013-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434\n[ 111 ] CVE-2013-0435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435\n[ 112 ] CVE-2013-0440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440\n[ 113 ] CVE-2013-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441\n[ 114 ] CVE-2013-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442\n[ 115 ] CVE-2013-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443\n[ 116 ] CVE-2013-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444\n[ 117 ] CVE-2013-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450\n[ 118 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 119 ] CVE-2013-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475\n[ 120 ] CVE-2013-1476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476\n[ 121 ] CVE-2013-1478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478\n[ 122 ] CVE-2013-1480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480\n[ 123 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 124 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 125 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 126 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 127 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 128 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 129 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 130 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 131 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 132 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 133 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 134 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 135 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 136 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 137 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 138 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 139 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 140 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 141 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 142 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 143 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 144 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 145 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 146 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 147 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 148 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 149 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 150 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 151 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 152 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 153 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 154 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 155 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 156 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 157 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 158 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 159 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 160 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 161 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 162 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 163 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 164 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 165 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 166 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 167 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 168 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 169 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 170 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 171 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 172 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 173 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 174 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 175 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 176 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 177 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 178 ] CVE-2013-4002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002\n[ 179 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 180 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 181 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 182 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 183 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 184 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 185 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 186 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 187 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 188 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 189 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 190 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 191 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 192 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 193 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 194 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 195 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 196 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 197 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 198 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 199 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 200 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 201 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 202 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 203 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 204 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 205 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 206 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 207 ] CVE-2013-6629\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629\n[ 208 ] CVE-2013-6954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954\n[ 209 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 210 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 211 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 212 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 213 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 214 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 215 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 216 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 217 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 218 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 219 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 220 ] CVE-2014-1876\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876\n[ 221 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 222 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 223 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 224 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 225 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 226 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 227 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 228 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-32.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3556). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability, related to RMI\n (CVE-2011-3557). \n \n Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)\n implementation in the IcedTea project Web browser plugin. A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2011:1380-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html\nIssue date: 2011-10-18\nCVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 \n CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. A remote RMI client could use this flaw to execute\narbitrary code on the RMI server running the registry. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. (CVE-2011-3560)\n\nA flaw was found in the way the SSL 3 and TLS 1.0 protocols used block\nciphers in cipher-block chaining (CBC) mode. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property. \nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command. \n\nAn information leak flaw was found in the InputStream.skip implementation. \nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information. \n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system. \n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU\n1E1DMZpv3ExBmKhD4Emi2no=\n=sMXo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3558" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "BID", "id": "50242" }, { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3558", "trust": 3.4 }, { "db": "BID", "id": "50242", "trust": 2.0 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "OSVDB", "id": "76510", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002592", "trust": 0.8 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "17988", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-476", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3558", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105967", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "BID", "id": "50242" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-476" }, { "db": "NVD", "id": "CVE-2011-3558" } ] }, "id": "VAR-201110-0389", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T22:23:28.442000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" }, { "title": "HPSBMU02769 SSRT100846", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3558" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50242" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.1, "url": "http://osvdb.org/76510" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70835" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13475" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3558" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/17988" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1263-2/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/news" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1380.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "BID", "id": "50242" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-476" }, { "db": "NVD", "id": "CVE-2011-3558" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3558" }, { "db": "BID", "id": "50242" }, { "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-476" }, { "db": "NVD", "id": "CVE-2011-3558" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3558" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50242" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "2011-10-19T00:58:21", "db": "PACKETSTORM", "id": "105967" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-476" }, { "date": "2011-10-19T21:55:01.677000", "db": "NVD", "id": "CVE-2011-3558" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3558" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50242" }, { "date": "2013-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002592" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-476" }, { "date": "2018-01-06T02:29:21.003000", "db": "NVD", "id": "CVE-2011-3558" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-476" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002592" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-476" } ], "trust": 0.6 } }
var-201110-0387
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'RMI' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products.
SOLUTION: Update to a fixed version. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32
http://security.gentoo.org/
Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32
Synopsis
Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551).
IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552).
IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553).
IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot (CVE-2011-3558). A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet's origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.24 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.25 or subsequent
MANUAL ACTIONS: Yes - Update For Java v5.0.24 and earlier, update to Java v5.0.25 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15 Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15 Jre15.JRE15-COM Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.25.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 April 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. (CVE-2011-3556)
A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557)
A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521)
It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544)
A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)
An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554)
It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560)
A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389)
Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.
An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547)
A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558)
The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553)
It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552)
This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0387", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_31" }, { "model": "jrockit", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "r28.1.4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.1.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.2" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_33" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_32" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_30" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.0.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 32", "scope": "ne", "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 1.4.2 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "antivirus update19", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr11 pf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.225" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "antivirus update17", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr13", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java se sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update23", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.220" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update14", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "antivirus update22", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "antivirus update24", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.223" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.219" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus update16", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "antivirus update18", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "java se sr12-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "6" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "openjdk", "scope": "eq", "trust": 0.3, "vendor": "openjdk", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "antivirus update20", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java se sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java se sr13-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "antivirus update21", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "2008" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.226" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "antivirus update25", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.227" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.224" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.221" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "linux enterprise software development kit sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "java se sr13-fp11", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "antivirus update15", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.5.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "antivirus", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.4.222" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "BID", "id": "50231" }, { "db": "CNNVD", "id": "CNNVD-201110-481" }, { "db": "NVD", "id": "CVE-2011-3556" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-481" } ], "trust": 0.6 }, "cve": "CVE-2011-3556", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3556", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "availabilityRequirement": "NOT DEFINED", "baseScore": 10.0, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "COMPLETE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 2.4, "exploitability": "FUNCTIONAL", "exploitabilityScore": 10.0, "id": "CVE-2011-3556", "impactScore": 10.0, "integrityImpact": "COMPLETE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "severity": "HIGH", "targetDistribution": "LOW", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3556", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-3556", "trust": 0.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201110-481", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2011-3556", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "VULMON", "id": "CVE-2011-3556" }, { "db": "CNNVD", "id": "CNNVD-201110-481" }, { "db": "NVD", "id": "CVE-2011-3556" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027RMI\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nSOLUTION:\nUpdate to a fixed version. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: IcedTea JDK: Multiple vulnerabilities\n Date: June 29, 2014\n Bugs: #312297, #330205, #340819, #346799, #352035, #353418,\n #354231, #355127, #370787, #387637, #404095, #421031,\n #429522, #433389, #438750, #442478, #457206, #458410,\n #461714, #466822, #477210, #489570, #508270\n ID: 201406-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the IcedTea JDK, the worst\nof which could lead to arbitrary code execution. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/icedtea-bin \u003c 6.1.13.3 \u003e= 6.1.13.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll IcedTea JDK users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/icedtea-bin-6.1.13.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2010-2548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548\n[ 3 ] CVE-2010-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783\n[ 4 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 5 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 6 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 7 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 8 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 9 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 10 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 11 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 12 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 13 ] CVE-2010-3564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564\n[ 14 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 15 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 16 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 17 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 18 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 19 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 20 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 21 ] CVE-2010-3860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860\n[ 22 ] CVE-2010-4351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351\n[ 23 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 24 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 25 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 26 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 27 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 28 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 29 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 30 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 31 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 32 ] CVE-2011-0025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025\n[ 33 ] CVE-2011-0706\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706\n[ 34 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 35 ] CVE-2011-0822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822\n[ 36 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 37 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 38 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 39 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 40 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 41 ] CVE-2011-0870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870\n[ 42 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 43 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 44 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 45 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 46 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 47 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 48 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 49 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 50 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 51 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 52 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 53 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 54 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 55 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 56 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 57 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 58 ] CVE-2011-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571\n[ 59 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 60 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 61 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 62 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 63 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 64 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 65 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 66 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 67 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 68 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 69 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 70 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 71 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 72 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 73 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 74 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 75 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 76 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 77 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 78 ] CVE-2012-3422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422\n[ 79 ] CVE-2012-3423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423\n[ 80 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 81 ] CVE-2012-4540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540\n[ 82 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 83 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 84 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 85 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 86 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 87 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 88 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 89 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 90 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 91 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 92 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 93 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 94 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 95 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 96 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 97 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 98 ] CVE-2012-5979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979\n[ 99 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 100 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 101 ] CVE-2013-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424\n[ 102 ] CVE-2013-0425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425\n[ 103 ] CVE-2013-0426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426\n[ 104 ] CVE-2013-0427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427\n[ 105 ] CVE-2013-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428\n[ 106 ] CVE-2013-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429\n[ 107 ] CVE-2013-0431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431\n[ 108 ] CVE-2013-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432\n[ 109 ] CVE-2013-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433\n[ 110 ] CVE-2013-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434\n[ 111 ] CVE-2013-0435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435\n[ 112 ] CVE-2013-0440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440\n[ 113 ] CVE-2013-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441\n[ 114 ] CVE-2013-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442\n[ 115 ] CVE-2013-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443\n[ 116 ] CVE-2013-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444\n[ 117 ] CVE-2013-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450\n[ 118 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 119 ] CVE-2013-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475\n[ 120 ] CVE-2013-1476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476\n[ 121 ] CVE-2013-1478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478\n[ 122 ] CVE-2013-1480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480\n[ 123 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 124 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 125 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 126 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 127 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 128 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 129 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 130 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 131 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 132 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 133 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 134 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 135 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 136 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 137 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 138 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 139 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 140 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 141 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 142 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 143 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 144 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 145 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 146 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 147 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 148 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 149 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 150 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 151 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 152 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 153 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 154 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 155 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 156 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 157 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 158 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 159 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 160 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 161 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 162 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 163 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 164 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 165 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 166 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 167 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 168 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 169 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 170 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 171 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 172 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 173 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 174 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 175 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 176 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 177 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 178 ] CVE-2013-4002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002\n[ 179 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 180 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 181 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 182 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 183 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 184 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 185 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 186 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 187 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 188 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 189 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 190 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 191 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 192 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 193 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 194 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 195 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 196 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 197 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 198 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 199 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 200 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 201 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 202 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 203 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 204 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 205 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 206 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 207 ] CVE-2013-6629\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629\n[ 208 ] CVE-2013-6954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954\n[ 209 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 210 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 211 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 212 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 213 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 214 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 215 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 216 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 217 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 218 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 219 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 220 ] CVE-2014-1876\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876\n[ 221 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 222 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 223 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 224 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 225 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 226 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 227 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 228 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-32.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n related to 2D (CVE-2011-3551). \n \n IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity\n via unknown vectors related to Networking (CVE-2011-3552). \n \n IcedTea6 prior to 1.10.4 allows remote authenticated users to affect\n confidentiality, related to JAXWS (CVE-2011-3553). \n \n IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start\n applications and untrusted Java applets to affect confidentiality\n via unknown vectors related to HotSpot (CVE-2011-3558). A\n malicious applet could use this flaw to bypass SOP protection and\n open connections to any sub-domain of the second-level domain of\n the applet\u0026#039;s origin, as well as any sub-domain of the domain that\n is the suffix of the origin second-level domain. For example,\n IcedTea-Web plugin allowed applet from some.host.example.com to\n connect to other.host.example.com, www.example.com, and example.com,\n as well as www.ample.com or ample.com. (CVE-2011-3377). The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI\naaF2JGTyfceBABs92un/yVA=\n=yPsD\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.24 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v5.0.25 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v5.0.24 and earlier, update to Java v5.0.25 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk15.JDK15\nJdk15.JDK15-COM\nJdk15.JDK15-DEMO\nJdk15.JDK15-IPF32\nJdk15.JDK15-IPF64\nJdk15.JDK15-COM\nJdk15.JDK15-DEMO\nJdk15.JDK15-PA20\nJdk15.JDK15-PA20W\nJre15.JRE15\nJre15.JRE15-COM\nJre15.JRE15-IPF32\nJre15.JRE15-IPF32-HS\nJre15.JRE15-IPF64\nJre15.JRE15-IPF64-HS\nJre15.JRE15-PA20\nJre15.JRE15-PA20-HS\nJre15.JRE15-PA20W\nJre15.JRE15-PA20W-HS\naction: install revision 1.5.0.25.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 2 April 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2011:1380-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html\nIssue date: 2011-10-18\nCVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 \n CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nA flaw was found in the Java RMI (Remote Method Invocation) registry\nimplementation. (CVE-2011-3556)\n\nA flaw was found in the Java RMI registry implementation. A remote RMI\nclient could use this flaw to execute code on the RMI server with\nunrestricted privileges. (CVE-2011-3557)\n\nA flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization\ncode. An untrusted Java application or applet running in a sandbox could\nuse this flaw to bypass sandbox restrictions by deserializing\nspecially-crafted input. (CVE-2011-3521)\n\nIt was found that the Java ScriptingEngine did not properly restrict the\nprivileges of sandboxed applications. An untrusted Java application or\napplet running in a sandbox could use this flaw to bypass sandbox\nrestrictions. (CVE-2011-3544)\n\nA flaw was found in the AWTKeyStroke implementation. An untrusted Java\napplication or applet running in a sandbox could use this flaw to bypass\nsandbox restrictions. (CVE-2011-3548)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the Java2D code used to perform transformations of graphic shapes\nand images. An untrusted Java application or applet running in a sandbox\ncould use this flaw to bypass sandbox restrictions. (CVE-2011-3551)\n\nAn insufficient error checking flaw was found in the unpacker for JAR files\nin pack200 format. A specially-crafted JAR file could use this flaw to\ncrash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code\nwith JVM privileges. (CVE-2011-3554)\n\nIt was found that HttpsURLConnection did not perform SecurityManager checks\nin the setSSLSocketFactory method. An untrusted Java application or applet\nrunning in a sandbox could use this flaw to bypass connection restrictions\ndefined in the policy. (CVE-2011-3560)\n\nA flaw was found in the way the SSL 3 and TLS 1.0 protocols used block\nciphers in cipher-block chaining (CBC) mode. An attacker able to perform a\nchosen plain text attack against a connection mixing trusted and untrusted\ndata could use this flaw to recover portions of the trusted data sent over\nthe connection. (CVE-2011-3389)\n\nNote: This update mitigates the CVE-2011-3389 issue by splitting the first\napplication data record byte to a separate SSL/TLS protocol record. This\nmitigation may cause compatibility issues with some SSL/TLS implementations\nand can be disabled using the jsse.enableCBCProtection boolean property. \nThis can be done on the command line by appending the flag\n\"-Djsse.enableCBCProtection=false\" to the java command. \n\nAn information leak flaw was found in the InputStream.skip implementation. \nAn untrusted Java application or applet could possibly use this flaw to\nobtain bytes skipped by other threads. (CVE-2011-3547)\n\nA flaw was found in the Java HotSpot virtual machine. An untrusted Java\napplication or applet could use this flaw to disclose portions of the VM\nmemory, or cause it to crash. (CVE-2011-3558)\n\nThe Java API for XML Web Services (JAX-WS) implementation in OpenJDK was\nconfigured to include the stack trace in error messages sent to clients. A\nremote client could possibly use this flaw to obtain sensitive information. \n(CVE-2011-3553)\n\nIt was found that Java applications running with SecurityManager\nrestrictions were allowed to use too many UDP sockets by default. If\nmultiple instances of a malicious application were started at the same\ntime, they could exhaust all available UDP sockets on the system. \n(CVE-2011-3552)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU\n1E1DMZpv3ExBmKhD4Emi2no=\n=sMXo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3556" }, { "db": "CERT/CC", "id": "VU#597809" }, { "db": "BID", "id": "50231" }, { "db": "VULMON", "id": "CVE-2011-3556" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "105967" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/597809", "trust": 0.8, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17535", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "VULMON", "id": "CVE-2011-3556" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3556", "trust": 2.8 }, { "db": "BID", "id": "50231", "trust": 2.0 }, { "db": "CERT/CC", "id": "VU#597809", "trust": 1.9 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECUNIA", "id": "48692", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "OSVDB", "id": "76505", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.1 }, { "db": "NSFOCUS", "id": "17992", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-481", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "17535", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-3556", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105967", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "VULMON", "id": "CVE-2011-3556" }, { "db": "BID", "id": "50231" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-481" }, { "db": "NVD", "id": "CVE-2011-3556" } ] }, "id": "VAR-201110-0387", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-17T22:12:57.677000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian CVElist Bug Report Logs: critical update 29 available", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0fb58df94ac51c16787c86c6429cdbcf" }, { "title": "Red Hat: Critical: java-1.4.2-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120006 - Security Advisory" }, { "title": "Red Hat: Moderate: java-1.4.2-ibm-sap security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120343 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.5.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20111478 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2" }, { "title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1" }, { "title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe" }, { "title": "Amazon Linux AMI: ALAS-2011-010", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "cve_2011_3556", "trust": 0.1, "url": "https://github.com/sk4la/cve_2011_3556 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3556" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3556" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/50231" }, { "trust": 1.6, "url": "https://www.ibm.com/support/pages/ibm-serveraid-application-cd-v930-17006-ibm-system-x-and-bladecenter" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-1263-1" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.2, "url": "https://www.kb.cert.org/vuls/id/597809" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1478.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2012-0006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "trust": 1.1, "url": "http://osvdb.org/76505" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48692" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70837" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14316" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.8, "url": "https://www.ibm.com/support/pages/node/827256" }, { "trust": 0.8, "url": "https://www.oracle.com/technetwork/java/javase/index-jsp-138567.html" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/17992" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100151219" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/sk4la/cve_2011_3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/17535/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3377" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3556" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3552" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3558" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3553" }, { "trust": 0.1, "url": "https://www.ample.com" }, { "trust": 0.1, "url": "https://www.example.com," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3389" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3557" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3554" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3544" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0006.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/news" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1380.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "VULMON", "id": "CVE-2011-3556" }, { "db": "BID", "id": "50231" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-481" }, { "db": "NVD", "id": "CVE-2011-3556" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#597809" }, { "db": "VULMON", "id": "CVE-2011-3556" }, { "db": "BID", "id": "50231" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "108498" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-481" }, { "db": "NVD", "id": "CVE-2011-3556" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-12T00:00:00", "db": "CERT/CC", "id": "VU#597809" }, { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3556" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50231" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2011-11-17T02:34:27", "db": "PACKETSTORM", "id": "107051" }, { "date": "2011-11-12T00:06:50", "db": "PACKETSTORM", "id": "106868" }, { "date": "2012-04-06T02:42:03", "db": "PACKETSTORM", "id": "111633" }, { "date": "2012-01-09T22:38:38", "db": "PACKETSTORM", "id": "108498" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2011-10-19T00:58:21", "db": "PACKETSTORM", "id": "105967" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-481" }, { "date": "2011-10-19T21:55:01.613000", "db": "NVD", "id": "CVE-2011-3556" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-13T00:00:00", "db": "CERT/CC", "id": "VU#597809" }, { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-3556" }, { "date": "2017-08-02T18:10:00", "db": "BID", "id": "50231" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-481" }, { "date": "2018-01-06T02:29:20.770000", "db": "NVD", "id": "CVE-2011-3556" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "107051" }, { "db": "PACKETSTORM", "id": "106868" }, { "db": "PACKETSTORM", "id": "111633" }, { "db": "PACKETSTORM", "id": "105967" }, { "db": "CNNVD", "id": "CNNVD-201110-481" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service", "sources": [ { "db": "CERT/CC", "id": "VU#597809" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-481" } ], "trust": 0.6 } }
var-200808-0011
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2370: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Mitigation: 6.0.x users should upgrade to 6.0.18 5.5.x users should obtain the latest source from svn or apply this patch which will be included from 5.5.27 http://svn.apache.org/viewvc?rev=680949&view=rev 4.1.x users should obtain the latest source from svn or apply this patch which will be included from 4.1.38 http://svn.apache.org/viewvc?rev=680950&view=rev
Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml
Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
Server 2.0 any affected, patch pending
Server 1.0 any not affected
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2 *
-
vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b. Update Apache Tomcat version to 6.0.20
Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
ACE any Windows not affected
Server 2.x any affected, patch pending Server 1.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
A cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutil updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. References
Tomcat release notes tomcat.apache.org/security-5.html
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.36" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.3" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.0.2" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.5" }, { "model": "vcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.8" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "4.1.0 to 4.1.37 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "5.5.0 to 5.5.26 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "6.0.0 to 6.0.16 version" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.x" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.5" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(sparc)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systems wikid server", "scope": "eq", "trust": 0.3, "vendor": "wikid", "version": "3.0.4" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.25" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.24" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.23" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.22" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.21" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform .cp03", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "developer suite as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "application server ws4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server es4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20080" }, { "model": "zenworks linux management", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "7.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "meeting exchange enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.2" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0" }, { "model": "systems wikid server", "scope": "ne", "trust": 0.3, "vendor": "wikid", "version": "3.0.5" }, { "model": "virtualcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "opensolaris build snv 101", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jboss enterprise application platform .cp04", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.38" }, { "model": "ode", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:opensolaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001606" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\u0026#65279;Stefano Di Paola", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "cve": "CVE-2008-2370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2008-2370", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-2370", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "NVD", "id": "CVE-2008-2370", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2008-2370", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. \nThe following versions are affected:\nTomcat 4.1.0 through 4.1.37\nTomcat 5.5.0 through 5.5.26\nTomcat 6.0.0 through 6.0.16\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\n\nSeverity: Important\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nTomcat 4.1.0 to 4.1.37\nTomcat 5.5.0 to 5.5.26\nTomcat 6.0.0 to 6.0.16\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\n\nDescription:\nWhen using a RequestDispatcher the target path was normalised before the\nquery string was removed. A request that included a specially crafted\nrequest parameter could be used to access content that would otherwise be\nprotected by a security constraint or by locating it in under the WEB-INF\ndirectory. \n\nMitigation:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 5.5.27\nhttp://svn.apache.org/viewvc?rev=680949\u0026view=rev\n4.1.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 4.1.38\nhttp://svn.apache.org/viewvc?rev=680950\u0026view=rev\n\nExample:\nFor a page that contains:\n\u003c%\npageContext.forward(\"/page2.jsp?somepar=someval\u0026par=\"+request.getParameter(\"blah\"));\n%\u003e\nan attacker can use:\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\n\nCredit:\nThis issue was discovered by \ufeffStefano Di Paola of Minded Security Research\nLabs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- -----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. Update Apache Tomcat version to 6.0.20\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. \n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. \n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. References\n\n Tomcat release notes\n tomcat.apache.org/security-5.html\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n\n- - ------------------------------------------------------------------------\n6. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n A traversal vulnerability was found when the \u0027allowLinking\u0027 and\n \u0027URIencoding\u0027 settings were actived which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2370" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "BID", "id": "30494" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" } ], "trust": 3.51 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32137", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2370", "trust": 3.6 }, { "db": "BID", "id": "30494", "trust": 2.8 }, { "db": "SECUNIA", "id": "31381", "trust": 2.5 }, { "db": "SECUNIA", "id": "31379", "trust": 2.5 }, { "db": "SECTRACK", "id": "1020623", "trust": 2.5 }, { "db": "SECUNIA", "id": "33797", "trust": 1.7 }, { "db": "SECUNIA", "id": "31639", "trust": 1.7 }, { "db": "SECUNIA", "id": "36249", "trust": 1.7 }, { "db": "SECUNIA", "id": "37460", "trust": 1.7 }, { "db": "SECUNIA", "id": "31982", "trust": 1.7 }, { "db": "SECUNIA", "id": "32120", "trust": 1.7 }, { "db": "SECUNIA", "id": "35393", "trust": 1.7 }, { "db": "SECUNIA", "id": "32266", "trust": 1.7 }, { "db": "SECUNIA", "id": "32222", "trust": 1.7 }, { "db": "SECUNIA", "id": "33999", "trust": 1.7 }, { "db": "SECUNIA", "id": "31865", "trust": 1.7 }, { "db": "SECUNIA", "id": "57126", "trust": 1.7 }, { "db": "SECUNIA", "id": "31891", "trust": 1.7 }, { "db": "SECUNIA", "id": "34013", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-1535", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0503", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2823", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2780", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-3316", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0320", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-2215", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2305", "trust": 1.7 }, { "db": "BID", "id": "31681", "trust": 1.7 }, { "db": "SREASON", "id": "4099", "trust": 1.7 }, { "db": "SECUNIA", "id": "15884", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15895", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "XF", "id": "44156", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001606", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "32137", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2008-2370", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "68743", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "74633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82837", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125556", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "75161", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125436", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38390", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "id": "VAR-200808-0011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16519225 }, "last_update_date": "2024-09-19T21:52:12.290000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache Tomcat 5.5.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Fixed in Apache Tomcat 6.0.18", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "Fixed in Apache Tomcat 4.1.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "APPLE-SA-2008-10-09 Security Update 2008-007", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/en-us/HT3216" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT3216" }, { "title": "tomcat5-5.5.23-0jpp.7.1.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156" }, { "title": "ASA-2008-401", "trust": 0.8, "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "title": "HPSBUX02401 SSRT090005", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415" }, { "title": "1381", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1381" }, { "title": "NV09-012", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-012.html" }, { "title": "RHSA-2008:0648", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html" }, { "title": "RHSA-2008:0862", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2008-0862.html" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "251986", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "title": "VMSA-2009-0002", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "title": "VMSA-2009-0016", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "title": "interstage_as_200902", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory" }, { "title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory" }, { "title": "VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=73a787a1c84c97013ffa2f87f6d2e4ba" }, { "title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "http://www.securityfocus.com/bid/30494" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1020623" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31379" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31381" }, { "trust": 2.4, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/31681" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31639" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31891" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31865" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht3216" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32222" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/4099" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31982" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33797" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32120" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32266" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33999" }, { "trust": 1.7, "url": "http://secunia.com/advisories/34013" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35393" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "trust": 1.7, "url": "http://secunia.com/advisories/36249" }, { "trust": 1.7, "url": "http://secunia.com/advisories/37460" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2305" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/44156" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000068.html" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html" }, { "trust": 0.3, "url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "trust": 0.3, "url": "http://download.novell.com/download?buildid=n5vszfht1vs" }, { "trust": 0.3, "url": "/archive/1/495022" }, { "trust": 0.3, "url": "/archive/1/507985" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7006398" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.2, "url": "http://enigmail.mozdev.org" }, { "trust": 0.2, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.2, "url": "http://www.vmware.com/security" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461" }, { "trust": 0.2, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.2, "url": "http://www.vmware.com/resources/techresources/726" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.2, "url": "http://www.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2008:0877" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/32137/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security.html" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680949\u0026view=rev" }, { "trust": 0.1, "url": "http://host/page.jsp?blah=/../web-inf/web.xml" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680950\u0026view=rev" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864" }, { "trust": 0.1, "url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014842" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/lifecycle/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014886" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848" }, { "trust": 0.1, "url": "http://www.wikidsystems.com" }, { "trust": 0.1, "url": "https://sourceforge.net/project/showfiles.php?group_id=144774" }, { "trust": 0.1, "url": "http://www.wikidsystems.com/downloads/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/download.do?downloadgroup=vc250u4" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/4577/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=36679" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2008-08-04T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2008-08-01T00:00:00", "db": "BID", "id": "30494" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2008-08-01T20:26:42", "db": "PACKETSTORM", "id": "68743" }, { "date": "2009-02-04T18:45:10", "db": "PACKETSTORM", "id": "74633" }, { "date": "2009-11-20T22:21:26", "db": "PACKETSTORM", "id": "82837" }, { "date": "2008-09-17T15:13:40", "db": "PACKETSTORM", "id": "70055" }, { "date": "2014-03-06T02:39:08", "db": "PACKETSTORM", "id": "125556" }, { "date": "2009-02-25T00:58:34", "db": "PACKETSTORM", "id": "75161" }, { "date": "2008-09-06T00:23:13", "db": "PACKETSTORM", "id": "69700" }, { "date": "2014-02-26T22:39:24", "db": "PACKETSTORM", "id": "125436" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38390" }, { "date": "2007-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2008-08-04T01:41:00", "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2019-03-25T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2015-05-07T17:17:00", "db": "BID", "id": "30494" }, { "date": "2015-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2023-02-13T02:19:08.810000", "db": "NVD", "id": "CVE-2008-2370" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 } }
var-201110-0393
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, JavaFX 2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0393", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "javafx", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "2.0" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.7.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.2" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "javafx", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "2.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "BID", "id": "50239" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "CNNVD", "id": "CNNVD-201110-477" }, { "db": "NVD", "id": "CVE-2011-3546" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:javafx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002580" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50239" }, { "db": "CNNVD", "id": "CNNVD-201110-477" } ], "trust": 0.9 }, "cve": "CVE-2011-3546", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-3546", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3546", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-3546", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201110-477", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-3546", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "CNNVD", "id": "CNNVD-201110-477" }, { "db": "NVD", "id": "CVE-2011-3546" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Deployment\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, JavaFX 2.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3546" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "BID", "id": "50239" }, { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3546", "trust": 3.4 }, { "db": "BID", "id": "50239", "trust": 2.0 }, { "db": "OSVDB", "id": "76509", "trust": 1.7 }, { "db": "SECUNIA", "id": "48308", "trust": 1.7 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2011-002580", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201110-477", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-3546", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "BID", "id": "50239" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-477" }, { "db": "NVD", "id": "CVE-2011-3546" } ] }, "id": "VAR-201110-0393", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-09-19T21:35:09.956000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5045", "trust": 0.8, "url": "http://support.apple.com/kb/HT5045" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "Oracle \u2018Java Runtime Environment\u2019 Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192726" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "CNNVD", "id": "CNNVD-201110-477" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3546" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/50239" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.7, "url": "http://osvdb.org/76509" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70847" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14291" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48308" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3546" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0034" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://java.sun.com/javase/6/webnotes/releasenotes.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "BID", "id": "50239" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-477" }, { "db": "NVD", "id": "CVE-2011-3546" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2011-3546" }, { "db": "BID", "id": "50239" }, { "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "106792" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-477" }, { "db": "NVD", "id": "CVE-2011-3546" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3546" }, { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50239" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2011-11-09T18:31:22", "db": "PACKETSTORM", "id": "106792" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-477" }, { "date": "2011-10-19T21:55:01.190000", "db": "NVD", "id": "CVE-2011-3546" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2011-3546" }, { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50239" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002580" }, { "date": "2022-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-477" }, { "date": "2022-05-13T14:52:58.547000", "db": "NVD", "id": "CVE-2011-3546" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-477" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002580" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-477" } ], "trust": 0.6 } }
var-201110-0381
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. The vulnerability can be exploited over multiple protocols. This issue affects the 'AWT' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products.
SOLUTION: Update to a fixed version. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0381", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "sun", "version": "1.6.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.7.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": "ne", "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 27" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "web edition version 4" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "trio tview software", "scope": "eq", "trust": 0.3, "vendor": "schneider electric", "version": "3.27.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "trio tview software", "scope": "ne", "trust": 0.3, "vendor": "schneider electric", "version": "3.29.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.06" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.02" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus server standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.01" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freeflow print server 73.c0.41", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.011" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.012" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freeflow print server 73.b3.61", "scope": null, "trust": 0.3, "vendor": "xerox", "version": null }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise software development kit sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.04" }, { "model": "virtualcenter update 6b", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "security appscan standard", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.010" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.013" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "java se sr10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.015" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.014" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.019" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "openpages grc platform", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.020" }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.03" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.01" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cms server aux", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "hirdb for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux enterprise server sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.021" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.016" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.018" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.07" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere multichannel bank transformation toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.2" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "openpages grc platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.017" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "antivirus update", "scope": "eq", "trust": 0.3, "vendor": "panda", "version": "1.6.05" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null } ], "sources": [ { "db": "BID", "id": "50226" }, { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "CNNVD", "id": "CNNVD-201110-483" }, { "db": "NVD", "id": "CVE-2011-3550" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:vmware:esx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:vcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:vmware:virtualcenter", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jdk", "vulnerable": true }, { "cpe22Uri": "cpe:/a:sun:jre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002584" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "50226" }, { "db": "CNNVD", "id": "CNNVD-201110-483" } ], "trust": 0.9 }, "cve": "CVE-2011-3550", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CVE-2011-3550", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3550", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-3550", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201110-483", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "CNNVD", "id": "CNNVD-201110-483" }, { "db": "NVD", "id": "CVE-2011-3550" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027AWT\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nSOLUTION:\nUpdate to a fixed version. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-3550" }, { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "BID", "id": "50226" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3550", "trust": 3.2 }, { "db": "BID", "id": "50226", "trust": 1.9 }, { "db": "SECUNIA", "id": "48308", "trust": 1.1 }, { "db": "SECTRACK", "id": "1026215", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002584", "trust": 0.8 }, { "db": "NSFOCUS", "id": "18001", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19032", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19096", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20539", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201110-483", "trust": 0.6 }, { "db": "HITACHI", "id": "HS11-024", "trust": 0.4 }, { "db": "ICS CERT", "id": "ICSA-17-213-02", "trust": 0.3 }, { "db": "SECUNIA", "id": "46694", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108800", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110783", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105998", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109072", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "50226" }, { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-483" }, { "db": "NVD", "id": "CVE-2011-3550" } ] }, "id": "VAR-201110-0381", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T13:03:24.919000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html" }, { "title": "Oracle Java SE Critical Patch Update Advisory - October 2011", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "RHSA-2011:1384", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1384.html" }, { "title": "October 2011 Critical Patch Updates Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/october_2011_critical_patch_updates" }, { "title": "VMSA-2012-0003", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2012-0003.html" }, { "title": "HS11-024", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-024/index.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002584" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3550" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "trust": 1.7, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/50226" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48308" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1026215" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70843" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14162" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3550" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3550" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18001" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19096" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19032" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20539" }, { "trust": 0.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html" }, { "trust": 0.4, "url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150852" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100154049" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641966" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46694/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0034.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48308/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48308/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48308" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "BID", "id": "50226" }, { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-483" }, { "db": "NVD", "id": "CVE-2011-3550" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "50226" }, { "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "106747" }, { "db": "PACKETSTORM", "id": "108800" }, { "db": "PACKETSTORM", "id": "123734" }, { "db": "PACKETSTORM", "id": "110783" }, { "db": "PACKETSTORM", "id": "105998" }, { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-483" }, { "db": "NVD", "id": "CVE-2011-3550" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-18T00:00:00", "db": "BID", "id": "50226" }, { "date": "2011-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2011-11-08T04:55:18", "db": "PACKETSTORM", "id": "106747" }, { "date": "2012-01-18T23:25:42", "db": "PACKETSTORM", "id": "108800" }, { "date": "2013-10-23T22:57:57", "db": "PACKETSTORM", "id": "123734" }, { "date": "2012-03-14T05:16:39", "db": "PACKETSTORM", "id": "110783" }, { "date": "2011-10-19T22:54:10", "db": "PACKETSTORM", "id": "105998" }, { "date": "2012-01-25T16:35:02", "db": "PACKETSTORM", "id": "109072" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-483" }, { "date": "2011-10-19T21:55:01.377000", "db": "NVD", "id": "CVE-2011-3550" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-02T18:09:00", "db": "BID", "id": "50226" }, { "date": "2015-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002584" }, { "date": "2011-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-483" }, { "date": "2018-01-06T02:29:20.143000", "db": "NVD", "id": "CVE-2011-3550" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "109072" }, { "db": "CNNVD", "id": "CNNVD-201110-483" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002584" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-483" } ], "trust": 0.6 } }