Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)

Critical Nessus Plugin ID 64843

Synopsis

The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issue in the following components :

- CORBA
- Deployment
- Deployment Toolkit
- Java 2D
- Java Web Start
- JNDI
- JRE
- JSSE
- Kerberos
- Networking
- New Java Plug-in
- Sound
- Swing

Solution

Update to JDK / JRE 6 Update 22, JDK 5.0 Update 26, SDK 1.4.2_28 or later and remove, if necessary, any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK 5.0 Update 26 or later.

CVE: CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574

BID: 43856, 43965, 43971, 43979, 43985, 43988, 43992, 43994, 43999, 44009, 44011, 44012, 44013, 44014, 44016, 44017, 44020, 44021, 44023, 44024, 44026, 44027, 44028, 44030, 44032, 44035, 44038, 44040

Secunia: 41791

CWE: 310

Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Exploitable With

Reference Information