(HP Issues Fix for HP NonStop Servers) Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Other) > HP NonStop Server

Vendors: HP (Compaq)

(HP Issues Fix for HP NonStop Servers) Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

SecurityTracker Alert ID: 1026986

SecurityTracker URL: http://securitytracker.com/id/1026986

CVE Reference: CVE-2011-3547, CVE-2011-3551, CVE-2011-3553, CVE-2011-3556, CVE-2011-3557 (Links to External Site)

Date: Apr 27 2012

Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: Multiple vulnerabilities were reported in Java Runtime Environment (JRE). A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. HP NonStop Servers are affected by some vulnerabilities.

A remote user can create a specially crafted Java applet or Java Web Start application that, when loaded by the target user, will access or modify data on the target user's system or execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

A remote user can also cause denial of service conditions.

The following researchers reported these and other Oracle vulnerabilities:

Adam Barth; axtaxt via Tipping Point's Zero Day Initiative; Eric Rescorla; Juliano Rizzo; Michael Schierl via Tipping Point; Neal Poole; Roee Hay of IBM Rational Application Security Research Group; Sami Koivu via Tipping Point's Zero Day Initiative; Thai Duong; and Yair Amit of IBM Rational Application Security Research Group.

Impact: A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions on the target system.

Solution: HP has issued a fix for CVE-2011-3547, CVE-2011-3551, CVE-2011-3553, CVE-2011-3556, and CVE-2011-3557 for HP NonStop Servers.

The HP advisory is available at:

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03289980

Cause: Not specified

Underlying OS:

Message History: This archive entry is a follow-up to the message listed below.

Oracle Java Runtime Environment (JRE) Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service

Source Message Contents

Date: Fri, 27 Apr 2012 19:40:33 +0000
Subject: HPSBNS02767 SSRT100829 rev.1 - HP NonStop Servers running Java 6.0, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Access


http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03289980

CVE-2011-3547, CVE-2011-3551, CVE-2011-3553, CVE-2011-3556, CVE-2011-3557

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC