Download
| Alert*
|
oval:org.secpod.oval:def:19738
The host is installed with Oracle Java SE 5.0 before update 22 or 6 before update 17 and is prone to denial of service vulnerability. A flaw is present in the applications, which does not properly handle a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) ... oval:org.secpod.oval:def:301167 Multiple Java OpenJDK security vulnerabilities has been identified and fixed: - TLS: MITM attacks via session renegotiation . - Loader-constraint table allows arrays instead of only the b ase-classes . - Policy/PolicyFile leak dynamic ProtectionDomains. - File TOCTOU deserialization vulnerability . ... oval:org.secpod.oval:def:700477 Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in Op ... |
