Описание
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | released | 1.5.0-15-0ubuntu1 |
| intrepid | released | 1.5.0-15-0ubuntu1 |
| jaunty | released | 1.5.0-15-0ubuntu1 |
| karmic | DNE | |
| upstream | needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 6-05-0ubuntu1 |
| edgy | DNE | |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | released | 6-05-0ubuntu1 |
| intrepid | released | 6-05-0ubuntu1 |
| jaunty | released | 6-05-0ubuntu1 |
| karmic | released | 6-05-0ubuntu1 |
| upstream | needed |
Показывать по
Ссылки на источники
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
Multiple buffer overflows in the useEncodingDecl function in Java Web ...
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
EPSS
9.3 Critical
CVSS2