The remote Red Hat host is missing one or more security updates.
Updated java-1.6.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 Extras and Red Hat
Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.
A flaw was found in the Java Management Extensions (JMX) management
agent. When local monitoring is enabled, remote attackers could use
this flaw to perform illegal operations. (CVE-2008-3103)
Several flaws involving the handling of unsigned applets were found. A
remote attacker could misuse an unsigned applet in order to connect to
services on the host running the applet. (CVE-2008-3104)
Several flaws in the Java API for XML Web Services (JAX-WS) client and
the JAX-WS service implementation were found. A remote attacker who
could cause malicious XML to be processed by an application could
access URLs, or cause a denial of service. (CVE-2008-3105,
Several flaws within the Java Runtime Environment (JRE) scripting
support were found. A remote attacker could grant an untrusted applet
extended privileges, such as reading and writing local files,
executing local programs, or querying the sensitive data of other
applets. (CVE-2008-3109, CVE-2008-3110)
A flaw in Java Web Start was found. Using an untrusted Java Web Start
application, a remote attacker could create or delete arbitrary files
with the permissions of the user running the untrusted application.
A flaw in Java Web Start when processing untrusted applications was
found. An attacker could use this flaw to acquire sensitive
information, such as the location of the cache. (CVE-2008-3114)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR2 Java release, which resolves
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true