Highly critical

Sun Java JDK / JRE / SDK Multiple Vulnerabilities


Release Date:  2011-02-09    Last Update:  2011-10-19    Views:  38,050

Secunia Advisory SA43262


Description


Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, conduct DNS cache poisoning attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.



Subject: Sun Java JDK / JRE / SDK Multiple Vulnerabilities

Anthony Wells RE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability
Expert Contributor 10th Feb, 2011 12:16
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello bjm,

This is a "vulnerabilities" forum (concerning a specific SA) and all that entails.

Your question re PSI and workaround detection is not relevant to the SA itself and would be better dealt with if you create a new thread in another forum.

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
ddmarshall RE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability
Dedicated Contributor 10th Feb, 2011 13:03
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 10th Feb, 2011 13:17
Is the Vendor Workaround offered solely for information....Yes
or does Secunia PSI 2 Auto Update using Vendor Workarounds as well as Vendor Patches. /No
Does Secunia recommended vendor workarounds as a rule / for this event or does Secunia recommend waiting for release of an official vendor patch. Secunia don't recommend anything

I have never used the FPUpdater tool? & I seldom use Java JRE
Oracle recommend waiting for the next scheduled Java update. Using the tool causes complications. This problem has apparently been known about for around 10 years. It's not really a concern for home users.

As I am using PSI v 1.5.0.2....does PSI 2 auto update vendor workarounds. No


A patch is scheduled for 15th February 2011
http://blogs.oracle.com/security/2011/02/security_...

--
This answer is provided “as-is.” You bear the risk of using it.
omniplex RE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability
Member 11th Feb, 2011 17:58
Score: -1
Posts: 9
User Since: 21st Jan 2011
System Score: N/A
Location: DE
Waiting for the planned update in four days might be a better plan than the hot fix (Oracle claims that the hot fix would confuse a later auto-update). http://www.h-online.com/open/news/item/Oracle-warn...
tom_1st RE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability
Member 16th Feb, 2011 10:52
Score: 12
Posts: 24
User Since: 23rd Jun 2010
System Score: N/A
Location: DE
Last edited on 16th Feb, 2011 10:56
Oracle released a new JDK/JRE 1.6.0_24
http://www.oracle.com/technetwork/java/javase/down...

which fixed the floating point bug and others. A complete list is available here:
http://www.oracle.com/technetwork/topics/security/...

-> Please update PSI to reflect that change