Описание
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6b14-0ubuntu3 |
| feisty | DNE | |
| gutsy | DNE | |
| hardy | not-affected | 6b09-0ubuntu2 |
| intrepid | not-affected | 6b12-0ubuntu6 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life, was needed |
| devel | not-affected | 1.5.0-17-0ubuntu1 |
| feisty | ignored | end of life, was needed |
| gutsy | not-affected | 1.5.0-13-0ubuntu1 |
| hardy | not-affected | 1.5.0-15-0ubuntu1 |
| intrepid | not-affected | 1.5.0-16-3 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6-11-0ubuntu1 |
| feisty | ignored | end of life, was needed |
| gutsy | not-affected | 6-03-0ubuntu2 |
| hardy | not-affected | 6-06-0ubuntu1 |
| intrepid | not-affected | 6-10-0ubuntu2 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, d ...
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
EPSS
7.5 High
CVSS2