var-201205-0058
Vulnerability from variot
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. Oracle GlassFish Server is prone to multiple cross-site scripting and HTML-injection vulnerabilities that affect the administrative web interface. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. This vulnerability affects the following supported versions: GlassFish Enterprise Server 3.1.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0734-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0734.html Issue date: 2012-06-13 CVE Names: CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 33 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-0551.html https://www.redhat.com/security/data/cve/CVE-2012-1711.html https://www.redhat.com/security/data/cve/CVE-2012-1713.html https://www.redhat.com/security/data/cve/CVE-2012-1716.html https://www.redhat.com/security/data/cve/CVE-2012-1717.html https://www.redhat.com/security/data/cve/CVE-2012-1718.html https://www.redhat.com/security/data/cve/CVE-2012-1719.html https://www.redhat.com/security/data/cve/CVE-2012-1721.html https://www.redhat.com/security/data/cve/CVE-2012-1722.html https://www.redhat.com/security/data/cve/CVE-2012-1723.html https://www.redhat.com/security/data/cve/CVE-2012-1724.html https://www.redhat.com/security/data/cve/CVE-2012-1725.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFP2PdfXlSAg2UNWIIRAmPoAKC0e7v7/kro/BSlg3WvTcUuUsY5GwCgnIxh yIn7jJFAEdlZRgCuCNL1mk0= =TbeE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Oracle GlassFish Enterprise Server Cross-Site Scripting and Request Forgery
SECUNIA ADVISORY ID: SA48798
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48798
RELEASE DATE: 2012-04-18
DISCUSS ADVISORY: http://secunia.com/advisories/48798/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48798/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48798
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Security-Assessment.com has reported some vulnerabilities in Oracle GlassFish Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. uploading an arbitrary WAR archive by tricking a logged-in administrator into visiting a specially crafted web page.
2) Input passed via multiple parameters to various scripts is not properly sanitised before being returned to the user.
The vulnerabilities are reported in version 3.1.1 (build 12).
SOLUTION: Apply patch (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Roberto Suggi Liverani, Security-Assessment.com.
ORIGINAL ADVISORY: Oracle: https://blogs.oracle.com/security/entry/april_2012_critical_patch_update http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Security-Assessment.com: http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf http://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03441075
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03441075 Version: 1
HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-08-13 Last Updated: 2012-08-13
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 7.0.02 and 6.0.15
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-0508 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0551 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2012-1711 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1713 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1716 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1718 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1719 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2012-1720 (AV:L/AC:H/Au:N/C:P/I:P/A:P) 3.7 CVE-2012-1721 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1722 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1723 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1724 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1725 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1726 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31 / JDK and JRE v7.0.02 or subsequent
HP-UX B.11.23, B.11.31 / JDK and JRE v6.0.15 or subsequent
HP-UX B.11.11, B.11.23 / JDK and JRE v6.0.15 or subsequent
MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.02 or subsequent For Java v6.0 update to Java v6.0.15 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.02.00 or subsequent
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.15.00 or subsequent
HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS action: install revision 1.6.0.15.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 13 August 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdk",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"model": "jre 1.6.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"model": "jdk 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "linux enterprise server for vmware sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise java sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise software development kit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"model": "trio tview software",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.27.0"
},
{
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.5"
},
{
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5)5.5"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "tivoli monitoring for energy management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.2.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2"
},
{
"model": "java se sr1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "java se sr13",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java se sr12-fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java se sr11 pf1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java sdk sr1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java sdk 1.4.2.sr13-fp5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "java sdk sr13-fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "java sdk sr13-fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "java sdk sr13-fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "java sdk sr13 fp11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.4"
},
{
"model": "doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.19"
},
{
"model": "db2 query management facility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.5"
},
{
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "reflection",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"model": "reflection suite for",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"model": "reflection for secure it windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "0"
},
{
"model": "reflection for secure it unix server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "0"
},
{
"model": "reflection for secure it unix client",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "trio tview software",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.29.0"
},
{
"model": "rational synergy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "rational method composer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.1"
},
{
"model": "java se sr2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java se sr2-fp1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "java se sr11",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "java se sr14",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "java sdk sr2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "java sdk sr13 fp13",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"model": "doors web access",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "db2 query management facility",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.20"
},
{
"model": "db2 query management facility",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.6"
}
],
"sources": [
{
"db": "BID",
"id": "53136"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
}
],
"trust": 0.6
},
"cve": "CVE-2012-0551",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-0551",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0551",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-325",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. Oracle GlassFish Server is prone to multiple cross-site scripting and HTML-injection vulnerabilities that affect the administrative web interface. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nThis vulnerability affects the following supported versions:\nGlassFish Enterprise Server 3.1.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2012:0734-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0734.html\nIssue date: 2012-06-13\nCVE Names: CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 \n CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 \n CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 \n CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit. \n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. (CVE-2012-0551,\nCVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718,\nCVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724,\nCVE-2012-1725)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide JDK and JRE 6 Update 33 and resolve these issues. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)\n829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)\n829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)\n829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)\n829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)\n829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)\n829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)\n829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)\n829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial \u003cinit\u003e verification (HotSpot, 7160757)\n831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)\n831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)\n831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.i586.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.i686.rpm\njava-1.6.0-sun-devel-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.33-1jpp.1.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-0551.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1711.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1713.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1716.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1717.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1718.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1719.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1721.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1722.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1723.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1724.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1725.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFP2PdfXlSAg2UNWIIRAmPoAKC0e7v7/kro/BSlg3WvTcUuUsY5GwCgnIxh\nyIn7jJFAEdlZRgCuCNL1mk0=\n=TbeE\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle GlassFish Enterprise Server Cross-Site Scripting and Request\nForgery\n\nSECUNIA ADVISORY ID:\nSA48798\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48798/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48798\n\nRELEASE DATE:\n2012-04-18\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48798/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48798/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48798\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSecurity-Assessment.com has reported some vulnerabilities in Oracle\nGlassFish Enterprise Server, which can be exploited by malicious\npeople to conduct cross-site scripting and request forgery attacks. \n\n1) The application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to e.g. uploading an arbitrary WAR\narchive by tricking a logged-in administrator into visiting a\nspecially crafted web page. \n\n2) Input passed via multiple parameters to various scripts is not\nproperly sanitised before being returned to the user. \n\nThe vulnerabilities are reported in version 3.1.1 (build 12). \n\nSOLUTION:\nApply patch (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nRoberto Suggi Liverani, Security-Assessment.com. \n\nORIGINAL ADVISORY:\nOracle:\nhttps://blogs.oracle.com/security/entry/april_2012_critical_patch_update\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS\n\nSecurity-Assessment.com:\nhttp://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_REST_CSRF.pdf\nhttp://www.security-assessment.com/files/documents/advisory/Oracle_GlassFish_Server_Multiple_XSS.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03441075\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03441075\nVersion: 1\n\nHPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized\nAccess, Disclosure of Information, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-08-13\nLast Updated: 2012-08-13\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. \n\nReferences: CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713,\nCVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721,\nCVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 7.0.02 and 6.0.15\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-0508 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0551 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2012-1711 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-1713 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1716 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1718 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1719 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2012-1720 (AV:L/AC:H/Au:N/C:P/I:P/A:P) 3.7\nCVE-2012-1721 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1722 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1723 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1724 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1725 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-1726 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \nThe upgrade is available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.23, B.11.31 / JDK and JRE v7.0.02 or subsequent\n\nHP-UX B.11.23, B.11.31 / JDK and JRE v6.0.15 or subsequent\n\nHP-UX B.11.11, B.11.23 / JDK and JRE v6.0.15 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v7.0 update to Java v7.0.02 or subsequent\nFor Java v6.0 update to Java v6.0.15 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk70.JDK70-COM\nJdk70.JDK70-DEMO\nJdk70.JDK70-IPF32\nJdk70.JDK70-IPF64\nJre70.JRE70-COM\nJre70.JRE70-IPF32\nJre70.JRE70-IPF32-HS\nJre70.JRE70-IPF64\nJre70.JRE70-IPF64-HS\naction: install revision 1.7.0.02.00 or subsequent\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk60.JDK60-COM\nJdk60.JDK60-DEMO\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\naction: install revision 1.6.0.15.00 or subsequent\n\nHP-UX B.11.11\nHP-UX B.11.23\n===========\nJdk60.JDK60-COM\nJdk60.JDK60-DEMO\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\nJre60.JRE60-COM\nJre60.JRE60-COM-DOC\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\naction: install revision 1.6.0.15.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 13 August 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0551"
},
{
"db": "BID",
"id": "53136"
},
{
"db": "PACKETSTORM",
"id": "113609"
},
{
"db": "PACKETSTORM",
"id": "116312"
},
{
"db": "PACKETSTORM",
"id": "123734"
},
{
"db": "PACKETSTORM",
"id": "112075"
},
{
"db": "PACKETSTORM",
"id": "116648"
},
{
"db": "PACKETSTORM",
"id": "115550"
},
{
"db": "PACKETSTORM",
"id": "113943"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0551",
"trust": 2.6
},
{
"db": "BID",
"id": "53136",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1026941",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-02",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "112061",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116312",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123734",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "48798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116648",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113943",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "53136"
},
{
"db": "PACKETSTORM",
"id": "112061"
},
{
"db": "PACKETSTORM",
"id": "113609"
},
{
"db": "PACKETSTORM",
"id": "116312"
},
{
"db": "PACKETSTORM",
"id": "123734"
},
{
"db": "PACKETSTORM",
"id": "112075"
},
{
"db": "PACKETSTORM",
"id": "116648"
},
{
"db": "PACKETSTORM",
"id": "115550"
},
{
"db": "PACKETSTORM",
"id": "113943"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"id": "VAR-201205-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-09-19T22:31:47.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Sun Products Suite GlassFish Enterprise Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192727"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0734.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1456.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16707"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/53136"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1026941"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134496371727681\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0551"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1725"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html"
},
{
"trust": 0.5,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719"
},
{
"trust": 0.4,
"url": "http://www.security-assessment.com/files/documents/advisory/oracle_glassfish_server_multiple_xss.pdf"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03441075\u0026ac.admitted=1344943226168.876444892.199480143"
},
{
"trust": 0.3,
"url": "http://java.sun.com"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617984"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033779"
},
{
"trust": 0.3,
"url": "http://support.attachmate.com/techdocs/2560.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614441"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620862"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21618977"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1724"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1726"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1711.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1723.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1724.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1726.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-1238.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48798/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48798"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#appendixsuns"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://blogs.oracle.com/security/entry/april_2012_critical_patch_update"
},
{
"trust": 0.1,
"url": "http://www.security-assessment.com/files/documents/advisory/oracle_glassfish_server_rest_csrf.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48798/#comments"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4681.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4681"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3136"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-1289.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3136.html"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/java"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0508"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-1019.html"
}
],
"sources": [
{
"db": "BID",
"id": "53136"
},
{
"db": "PACKETSTORM",
"id": "112061"
},
{
"db": "PACKETSTORM",
"id": "113609"
},
{
"db": "PACKETSTORM",
"id": "116312"
},
{
"db": "PACKETSTORM",
"id": "123734"
},
{
"db": "PACKETSTORM",
"id": "112075"
},
{
"db": "PACKETSTORM",
"id": "116648"
},
{
"db": "PACKETSTORM",
"id": "115550"
},
{
"db": "PACKETSTORM",
"id": "113943"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "53136"
},
{
"db": "PACKETSTORM",
"id": "112061"
},
{
"db": "PACKETSTORM",
"id": "113609"
},
{
"db": "PACKETSTORM",
"id": "116312"
},
{
"db": "PACKETSTORM",
"id": "123734"
},
{
"db": "PACKETSTORM",
"id": "112075"
},
{
"db": "PACKETSTORM",
"id": "116648"
},
{
"db": "PACKETSTORM",
"id": "115550"
},
{
"db": "PACKETSTORM",
"id": "113943"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-18T00:00:00",
"db": "BID",
"id": "53136"
},
{
"date": "2012-04-21T00:22:34",
"db": "PACKETSTORM",
"id": "112061"
},
{
"date": "2012-06-13T22:56:24",
"db": "PACKETSTORM",
"id": "113609"
},
{
"date": "2012-09-07T03:06:46",
"db": "PACKETSTORM",
"id": "116312"
},
{
"date": "2013-10-23T22:57:57",
"db": "PACKETSTORM",
"id": "123734"
},
{
"date": "2012-04-21T04:53:58",
"db": "PACKETSTORM",
"id": "112075"
},
{
"date": "2012-09-19T07:23:27",
"db": "PACKETSTORM",
"id": "116648"
},
{
"date": "2012-08-15T01:42:25",
"db": "PACKETSTORM",
"id": "115550"
},
{
"date": "2012-06-20T14:25:38",
"db": "PACKETSTORM",
"id": "113943"
},
{
"date": "2012-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"date": "2012-05-03T18:55:01.590000",
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T18:09:00",
"db": "BID",
"id": "53136"
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-325"
},
{
"date": "2022-05-13T14:52:58.270000",
"db": "NVD",
"id": "CVE-2012-0551"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115550"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Products Suite GlassFish Enterprise Server Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-325"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.