CERTA-2011-AVI-093

Vulnerability from certfr_avis - Published: 2011-02-16 - Updated: 2011-06-06

De nombreuses vulnérabilités affectant Oracle Java ont été corrigées. Certaines permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Oracle a publié un correctif trimestriel corrigeant 25 vulnérabilités, exploitables à distance pour 23 d'entre elles.

Certaines permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance, les autres, de porter atteinte à l'intégrité et/ou à la confidentialité des données présentes sur le système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Oracle N/A Java for Business, JDK et JRE 5.0 mise à jour 27 et versions antérieures pour Windows, Solaris et Linux ;
Oracle Java SE Java SE, JDK 5.0 mise à jour 27 et versions antérieures pour Solaris 9 ;
Oracle N/A Java for Business, JDK et JRE 6 mise à jour 23 et versions antérieures pour Windows, Solaris et Linux ;
Oracle N/A Java for Business, SDK et JRE 1.4.2_29 et versions antérieures pour Windows, Solaris et Linux.
Oracle Java SE Java SE, JDK et JRE 6 mise à jour 23 et versions antérieures pour Windows, Solaris et Linux ;
Oracle Java SE Java SE, SDK 1.4.2_29 et versions antérieures pour Solaris 8 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java for Business, JDK et JRE 5.0 mise \u00e0 jour 27 et versions ant\u00e9rieures pour Windows, Solaris et Linux ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE, JDK 5.0 mise \u00e0 jour 27 et versions ant\u00e9rieures pour Solaris 9 ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java for Business, JDK et JRE 6 mise \u00e0 jour 23 et versions ant\u00e9rieures pour Windows, Solaris et Linux ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java for Business, SDK et JRE 1.4.2_29 et versions ant\u00e9rieures pour Windows, Solaris et Linux.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE, JDK et JRE 6 mise \u00e0 jour 23 et versions ant\u00e9rieures pour Windows, Solaris et Linux ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE, SDK 1.4.2_29 et versions ant\u00e9rieures pour Solaris 8 ;",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nOracle a publi\u00e9 un correctif trimestriel corrigeant 25 vuln\u00e9rabilit\u00e9s,\nexploitables \u00e0 distance pour 23 d\u0027entre elles.\n\nCertaines permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance, les autres, de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9\net/ou \u00e0 la confidentialit\u00e9 des donn\u00e9es pr\u00e9sentes sur le syst\u00e8me\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2010-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4465"
    },
    {
      "name": "CVE-2010-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4470"
    },
    {
      "name": "CVE-2010-4473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4473"
    },
    {
      "name": "CVE-2010-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4447"
    },
    {
      "name": "CVE-2010-4451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4451"
    },
    {
      "name": "CVE-2010-4452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4452"
    },
    {
      "name": "CVE-2010-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4467"
    },
    {
      "name": "CVE-2010-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4450"
    },
    {
      "name": "CVE-2010-4468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4468"
    },
    {
      "name": "CVE-2010-4422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4422"
    },
    {
      "name": "CVE-2010-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4448"
    },
    {
      "name": "CVE-2010-4462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4462"
    },
    {
      "name": "CVE-2010-4471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4471"
    },
    {
      "name": "CVE-2010-4454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4454"
    },
    {
      "name": "CVE-2010-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4472"
    },
    {
      "name": "CVE-2010-4463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4463"
    },
    {
      "name": "CVE-2010-4469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4469"
    },
    {
      "name": "CVE-2010-4475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4475"
    },
    {
      "name": "CVE-2010-4466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4466"
    },
    {
      "name": "CVE-2010-4474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4474"
    }
  ],
  "initial_release_date": "2011-02-16T00:00:00",
  "last_revision_date": "2011-06-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02775276 du 01 juin 2011 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02775276"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 08 mars 2011 pour Mac OS X    10.6 :",
      "url": "http://support.apple.com/kb/HT4562"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 08 mars 2011 pour Mac OS X    10.5 :",
      "url": "http://support.apple.com/kb/HT4563"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle javacpufeb2011-304611 du 15    f\u00e9vrier 2011 :",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
    },
    {
      "title": "Document du CERTA CERTA-2011-AVI-079 du 10 f\u00e9vrier 2011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-079/index.html"
    }
  ],
  "reference": "CERTA-2011-AVI-093",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-16T00:00:00.000000"
    },
    {
      "description": "ajout de la mise \u00e0 jour de Java pour les syst\u00e8mes Mac OS X.",
      "revision_date": "2011-03-09T00:00:00.000000"
    },
    {
      "description": "ajout de la mise \u00e0 jour de Java pour les syst\u00e8mes HP-UX.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s affectant Oracle Java ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle javacpufeb2011-304611 du 15 f\u00e9vrier 2011",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.