漏洞标题
N/A
漏洞描述信息
Oracle Java SE 6 Update 18、5.0 Update 23 和 1.4.2_25 中的未指定漏洞允许远程攻击者通过未知向量影响机密性、完整性和可用性。注意:先前的信息从 2010 年三月的 CPU 获得。Oracle 没有对一位可靠研究人员的说法发表评论,该人士称此与 Java 运行时环境(JRE)中执行特权方法时的不当检查有关,这允许攻击者通过(1) 未受信任的对象扩展受信任类但未修改某些方法,或(2) "与接口类似的信任问题",aka "远程代码执行信任链漏洞"。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Oracle Java SE和Java for Business Java运行时环境漏洞
漏洞描述信息
Oracle Java SE是美国甲骨文(Oracle)公司的一套标准版Java平台,用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE和Java for Business 6 Update 18,5.0 Update 23和1.4.2_25版本中存在Java运行时环境漏洞。远程攻击者可借助未明向量影响机密性、完整性和可用性。
CVSS信息
N/A
漏洞类别
授权问题