Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-0628 (GCVE-0-2008-0628)
Vulnerability from cvelistv5 – Published: 2008-02-06 20:00 – Updated: 2024-08-07 07:54
VLAI?
EPSS
Summary
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
18 references
Date Public ?
2008-02-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29841"
},
{
"name": "RHSA-2008:0245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"name": "27553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27553"
},
{
"name": "oval:org.mitre.oval:def:9847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"name": "BEA08-201.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"name": "GLSA-200804-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "28746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28746"
},
{
"name": "3621",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3621"
},
{
"name": "29858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"name": "ADV-2008-1252",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"name": "30780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30780"
},
{
"name": "ADV-2008-0371",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"name": "231246",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"name": "GLSA-200804-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "1019292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29841",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29841"
},
{
"name": "RHSA-2008:0245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"name": "27553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27553"
},
{
"name": "oval:org.mitre.oval:def:9847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"name": "BEA08-201.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"name": "GLSA-200804-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "28746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28746"
},
{
"name": "3621",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3621"
},
{
"name": "29858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"name": "ADV-2008-1252",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"name": "30780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30780"
},
{
"name": "ADV-2008-0371",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"name": "231246",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"name": "GLSA-200804-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "1019292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29841"
},
{
"name": "RHSA-2008:0245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"name": "27553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27553"
},
{
"name": "oval:org.mitre.oval:def:9847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"name": "BEA08-201.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "28746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28746"
},
{
"name": "3621",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3621"
},
{
"name": "29858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29858"
},
{
"name": "http://scary.beasts.org/security/CESA-2007-002.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"name": "ADV-2008-1252",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"name": "30780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30780"
},
{
"name": "ADV-2008-0371",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"name": "231246",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "1019292",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0628",
"datePublished": "2008-02-06T20:00:00.000Z",
"dateReserved": "2008-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:22.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-0628",
"date": "2026-05-18",
"epss": "0.06778",
"percentile": "0.91399"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8502A8C5-0219-406B-8DAA-BF35BCD6DC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.0\", \"matchCriteriaId\": \"EAB2C9C2-F685-450B-9980-553966FC3B63\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \\\"external general entities\\\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.\"}, {\"lang\": \"es\", \"value\": \"El c\\u00f3digo de an\\u00e1lisis sint\\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\\u00f3n 3 y anteriores. Procesa referencias a entidades externas incluso cuando la propiedad \\\"external general entities (entidades generales externas)\\\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\\u00f3n de servicio o acceso restringido a recursos.\"}]",
"id": "CVE-2008-0628",
"lastModified": "2024-11-21T00:42:32.610",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 7.8, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2008-02-06T21:00:00.000",
"references": "[{\"url\": \"http://dev2dev.bea.com/pub/advisory/277\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://scary.beasts.org/security/CESA-2007-002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28746\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29841\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29858\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30780\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-28.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3621\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0245.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487434/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27553\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019292\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0371\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1252\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dev2dev.bea.com/pub/advisory/277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://scary.beasts.org/security/CESA-2007-002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28746\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-28.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0245.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487434/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0371\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-0628\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-06T21:00:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \\\"external general entities\\\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo de an\u00e1lisis sint\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\u00f3n 3 y anteriores. Procesa referencias a entidades externas incluso cuando la propiedad \\\"external general entities (entidades generales externas)\\\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\u00f3n de servicio o acceso restringido a recursos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8502A8C5-0219-406B-8DAA-BF35BCD6DC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"EAB2C9C2-F685-450B-9980-553966FC3B63\"}]}]}],\"references\":[{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://scary.beasts.org/security/CESA-2007-002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28746\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0245.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487434/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019292\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0371\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://scary.beasts.org/security/CESA-2007-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0245.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487434/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-878M-JP48-9823
Vulnerability from github – Published: 2022-05-01 23:31 – Updated: 2022-05-01 23:31
VLAI?
Details
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
{
"affected": [],
"aliases": [
"CVE-2008-0628"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-02-06T21:00:00Z",
"severity": "HIGH"
},
"details": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
"id": "GHSA-878m-jp48-9823",
"modified": "2022-05-01T23:31:53Z",
"published": "2022-05-01T23:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"type": "WEB",
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"type": "WEB",
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28746"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29841"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29858"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30780"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/3621"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/27553"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1019292"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1252"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2008-0628
Vulnerability from fkie_nvd - Published: 2008-02-06 21:00 - Updated: 2026-04-23 00:35
Severity ?
Summary
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8502A8C5-0219-406B-8DAA-BF35BCD6DC94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*",
"matchCriteriaId": "EAB2C9C2-F685-450B-9980-553966FC3B63",
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
},
{
"lang": "es",
"value": "El c\u00f3digo de an\u00e1lisis sint\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\u00f3n 3 y anteriores. Procesa referencias a entidades externas incluso cuando la propiedad \"external general entities (entidades generales externas)\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\u00f3n de servicio o acceso restringido a recursos."
}
],
"id": "CVE-2008-0628",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-06T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"source": "cve@mitre.org",
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28746"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29841"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29858"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30780"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3621"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019292"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTA-2008-AVI-216
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités présentes dans BEA JRockit permettent à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges, ou d'exécuter du code arbitraire.
Description
BEA JRockit s'appuie sur la machine virtuelle java de SUN pour fonctionner. A ce titre, les vulnérabilités identifiées dans ce logiciel s'appliquent également à JRockit. Ainsi, il est possible à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges ou d'exécuter du code arbitraire sur le système vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
BEA JRockit versions 1.X.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eBEA JRockit versions 1.X.\u003c/p\u003e",
"content": "## Description\n\nBEA JRockit s\u0027appuie sur la machine virtuelle java de SUN pour\nfonctionner. A ce titre, les vuln\u00e9rabilit\u00e9s identifi\u00e9es dans ce logiciel\ns\u0027appliquent \u00e9galement \u00e0 JRockit. Ainsi, il est possible \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
},
{
"name": "CVE-2008-0657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0657"
},
{
"name": "CVE-2008-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
},
{
"name": "CVE-2008-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
},
{
"name": "CVE-2008-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
}
],
"links": [],
"reference": "CERTA-2008-AVI-216",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans BEA JRockit permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges, ou d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BEA JRockit",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BEA BEA08-201.00",
"url": "http://dev2.dev.bea.com/pub/advisory/277"
}
]
}
CERTA-2008-AVI-216
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités présentes dans BEA JRockit permettent à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges, ou d'exécuter du code arbitraire.
Description
BEA JRockit s'appuie sur la machine virtuelle java de SUN pour fonctionner. A ce titre, les vulnérabilités identifiées dans ce logiciel s'appliquent également à JRockit. Ainsi, il est possible à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges ou d'exécuter du code arbitraire sur le système vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
BEA JRockit versions 1.X.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eBEA JRockit versions 1.X.\u003c/p\u003e",
"content": "## Description\n\nBEA JRockit s\u0027appuie sur la machine virtuelle java de SUN pour\nfonctionner. A ce titre, les vuln\u00e9rabilit\u00e9s identifi\u00e9es dans ce logiciel\ns\u0027appliquent \u00e9galement \u00e0 JRockit. Ainsi, il est possible \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
},
{
"name": "CVE-2008-0657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0657"
},
{
"name": "CVE-2008-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
},
{
"name": "CVE-2008-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
},
{
"name": "CVE-2008-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
}
],
"links": [],
"reference": "CERTA-2008-AVI-216",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans BEA JRockit permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges, ou d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BEA JRockit",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BEA BEA08-201.00",
"url": "http://dev2.dev.bea.com/pub/advisory/277"
}
]
}
RHSA-2008_0245
Vulnerability from csaf_redhat - Published: 2008-04-28 09:22 - Updated: 2024-11-14 10:06Summary
Red Hat Security Advisory: java-1.6.0-bea security update
Severity
Moderate
Notes
Topic: Updated java-1.6.0-bea packages that correct several security issues are
now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform,
Standard Edition, v1.6.0.
The Java XML parsing code processed external entity references even when
the "external general entities" property was set to "FALSE". This allowed
remote attackers to conduct XML External Entity (XXE) attacks, possibly
causing a denial of service, or gaining access to restricted resources.
(CVE-2008-0628)
A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)
A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possible execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The vulnerabilities concerning applets listed above can only be triggered
in java-1.6.0-bea, by calling the "appletviewer" application.
Users of java-1.6.0-bea are advised to upgrade to these updated packages,
which resolve these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-bea packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit\nVirtual Machine 1.6.0_03, and are certified for the Java 6 Platform,\nStandard Edition, v1.6.0.\n\nThe Java XML parsing code processed external entity references even when\nthe \"external general entities\" property was set to \"FALSE\". This allowed\nremote attackers to conduct XML External Entity (XXE) attacks, possibly\ncausing a denial of service, or gaining access to restricted resources.\n(CVE-2008-0628)\n\nA flaw was found in the Java XSLT processing classes. An untrusted\napplication or applet could cause a denial of service, or execute arbitrary\ncode with the permissions of the user running the JRE. (CVE-2008-1187)\n\nA flaw was found in the JRE image parsing libraries. An untrusted\napplication or applet could cause a denial of service, or possible execute\narbitrary code with the permissions of the user running the JRE.\n(CVE-2008-1193)\n\nA flaw was found in the JRE color management library. An untrusted\napplication or applet could trigger a denial of service (JVM crash).\n(CVE-2008-1194)\n\nThe vulnerabilities concerning applets listed above can only be triggered\nin java-1.6.0-bea, by calling the \"appletviewer\" application.\n\nUsers of java-1.6.0-bea are advised to upgrade to these updated packages,\nwhich resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0245",
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "431416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
},
{
"category": "external",
"summary": "436030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
},
{
"category": "external",
"summary": "436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0245.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-bea security update",
"tracking": {
"current_release_date": "2024-11-14T10:06:09+00:00",
"generator": {
"date": "2024-11-14T10:06:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2008:0245",
"initial_release_date": "2008-04-28T09:22:00+00:00",
"revision_history": [
{
"date": "2008-04-28T09:22:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-04-28T05:22:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:06:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-0628",
"discovery_date": "2008-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "431416"
}
],
"notes": [
{
"category": "description",
"text": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "java-1.6.0 default external entity processing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0628"
},
{
"category": "external",
"summary": "RHBZ#431416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
}
],
"release_date": "2008-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "java-1.6.0 default external entity processing"
},
{
"cve": "CVE-2008-1187",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436030"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet and application XSLT processing privilege escalation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1187"
},
{
"category": "external",
"summary": "RHBZ#436030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Untrusted applet and application XSLT processing privilege escalation"
},
{
"cve": "CVE-2008-1193",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436296"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1193"
},
{
"category": "external",
"summary": "RHBZ#436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
},
{
"cve": "CVE-2008-1194",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436296"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1194"
},
{
"category": "external",
"summary": "RHBZ#436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
}
]
}
RHSA-2008:0245
Vulnerability from csaf_redhat - Published: 2008-04-28 09:22 - Updated: 2025-11-21 17:33Summary
Red Hat Security Advisory: java-1.6.0-bea security update
Severity
Moderate
Notes
Topic: Updated java-1.6.0-bea packages that correct several security issues are
now available for Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform,
Standard Edition, v1.6.0.
The Java XML parsing code processed external entity references even when
the "external general entities" property was set to "FALSE". This allowed
remote attackers to conduct XML External Entity (XXE) attacks, possibly
causing a denial of service, or gaining access to restricted resources.
(CVE-2008-0628)
A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)
A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possible execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The vulnerabilities concerning applets listed above can only be triggered
in java-1.6.0-bea, by calling the "appletviewer" application.
Users of java-1.6.0-bea are advised to upgrade to these updated packages,
which resolve these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated java-1.6.0-bea packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit\nVirtual Machine 1.6.0_03, and are certified for the Java 6 Platform,\nStandard Edition, v1.6.0.\n\nThe Java XML parsing code processed external entity references even when\nthe \"external general entities\" property was set to \"FALSE\". This allowed\nremote attackers to conduct XML External Entity (XXE) attacks, possibly\ncausing a denial of service, or gaining access to restricted resources.\n(CVE-2008-0628)\n\nA flaw was found in the Java XSLT processing classes. An untrusted\napplication or applet could cause a denial of service, or execute arbitrary\ncode with the permissions of the user running the JRE. (CVE-2008-1187)\n\nA flaw was found in the JRE image parsing libraries. An untrusted\napplication or applet could cause a denial of service, or possible execute\narbitrary code with the permissions of the user running the JRE.\n(CVE-2008-1193)\n\nA flaw was found in the JRE color management library. An untrusted\napplication or applet could trigger a denial of service (JVM crash).\n(CVE-2008-1194)\n\nThe vulnerabilities concerning applets listed above can only be triggered\nin java-1.6.0-bea, by calling the \"appletviewer\" application.\n\nUsers of java-1.6.0-bea are advised to upgrade to these updated packages,\nwhich resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0245",
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "431416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
},
{
"category": "external",
"summary": "436030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
},
{
"category": "external",
"summary": "436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0245.json"
}
],
"title": "Red Hat Security Advisory: java-1.6.0-bea security update",
"tracking": {
"current_release_date": "2025-11-21T17:33:12+00:00",
"generator": {
"date": "2025-11-21T17:33:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2008:0245",
"initial_release_date": "2008-04-28T09:22:00+00:00",
"revision_history": [
{
"date": "2008-04-28T09:22:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-04-28T05:22:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:33:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
},
"product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-0628",
"discovery_date": "2008-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "431416"
}
],
"notes": [
{
"category": "description",
"text": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "java-1.6.0 default external entity processing",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0628"
},
{
"category": "external",
"summary": "RHBZ#431416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
}
],
"release_date": "2008-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "java-1.6.0 default external entity processing"
},
{
"cve": "CVE-2008-1187",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436030"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Untrusted applet and application XSLT processing privilege escalation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1187"
},
{
"category": "external",
"summary": "RHBZ#436030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Untrusted applet and application XSLT processing privilege escalation"
},
{
"cve": "CVE-2008-1193",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436296"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1193"
},
{
"category": "external",
"summary": "RHBZ#436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
},
{
"cve": "CVE-2008-1194",
"discovery_date": "2008-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436296"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1194"
},
{
"category": "external",
"summary": "RHBZ#436296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194"
}
],
"release_date": "2008-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-04-28T09:22:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
"5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0245"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
}
]
}
GSD-2008-0628
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-0628",
"description": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
"id": "GSD-2008-0628",
"references": [
"https://access.redhat.com/errata/RHSA-2008:0245"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-0628"
],
"details": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
"id": "GSD-2008-0628",
"modified": "2023-12-13T01:22:59.122909Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29841"
},
{
"name": "RHSA-2008:0245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"name": "27553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27553"
},
{
"name": "oval:org.mitre.oval:def:9847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"name": "BEA08-201.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
},
{
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "28746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28746"
},
{
"name": "3621",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3621"
},
{
"name": "29858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29858"
},
{
"name": "http://scary.beasts.org/security/CESA-2007-002.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"name": "ADV-2008-1252",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"name": "30780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30780"
},
{
"name": "ADV-2008-0371",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"name": "231246",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "1019292",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019292"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0628"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scary.beasts.org/security/CESA-2007-002.html",
"refsource": "MISC",
"tags": [],
"url": "http://scary.beasts.org/security/CESA-2007-002.html"
},
{
"name": "231246",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
},
{
"name": "1019292",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1019292"
},
{
"name": "28746",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28746"
},
{
"name": "3621",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/3621"
},
{
"name": "BEA08-201.00",
"refsource": "BEA",
"tags": [],
"url": "http://dev2dev.bea.com/pub/advisory/277"
},
{
"name": "27553",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/27553"
},
{
"name": "29841",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/29841"
},
{
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "RHSA-2008:0245",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
},
{
"name": "29858",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/29858"
},
{
"name": "30780",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30780"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "ADV-2008-1252",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1252"
},
{
"name": "ADV-2008-0371",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0371"
},
{
"name": "oval:org.mitre.oval:def:9847",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
},
{
"name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-15T22:02Z",
"publishedDate": "2008-02-06T21:00Z"
}
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…