IBM Security Update November 2014

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-3065 | 6 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-3566 | 4.3 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 | POODLE SSLv3 Vulnerability |

Further information on the November 2014 IBM Security Update is available here.

Oracle October 14 2014 CPU (1.5.0_75, 1.6.0_85, 1.7.0_71, 1.8.0_25)

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-6513 | 10 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6562 | 9.3 | N/A | N/A | N/A |  |
| CVE-2014-6456 | 9.3 | N/A | N/A | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6503 | 9.3 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6532 | 9.3 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-4288 | 7.6 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6493 | 7.6 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6492 | 7.6 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6458 | 6.9 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6466 | 6.9 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6468 | 6.9 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-6506 | 6.8 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6476 | 5 | N/A | N/A | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6515 | 5 | N/A | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6519 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-6511 | 5 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6517 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-6504 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-6531 | 4.3 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6512 | 4.3 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6457 | 4 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6527 | 2.6 | N/A | N/A | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6502 | 2.6 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |
| CVE-2014-6558 | 2.6 | 5.0 SR16-FP8 | 6 SR16-FP2, 6R1 SR8-FP2 | 7 SR8, 7R1 SR2 |  |

Further information on Oracle's October 14 2014 Critical Patch Update is available here.

IBM Security Update July 2014

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-3068 | 2.4 | 5.0 SR16-FP7 | 6 SR16-FP1, 6R1 SR8-FP1 | 7 SR7-FP1, 7R1 SR1-FP1 |  |

Further information on the July 2014 IBM Security Update is available here.

Oracle July 15 2014 CPU (1.5.0_71, 1.6.0_81, 1.7.0_65, 1.8.0_11)

IBM Security Update May 2014

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-0878 | 5.8 | 5.0 SR16-FP6 | 6 SR15-FP2, 6R1 SR8 | 7 SR7, 7R1 SR1 |  |

Further information on the May 2014 IBM Security Update is available here.

Oracle April 15 2014 CPU (1.5.0_65, 1.6.0_75, 1.7.0_55, 1.8.0_05)

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-0457 | 10 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0456 | 10 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-2421 | 10 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0429 | 10 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0461 | 9.3 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2397 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0432 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0455 | 9.3 | N/A | N/A | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2428 | 7.6 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0448 | 7.6 | N/A | N/A | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0454 | 7.5 | N/A | N/A | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0446 | 7.5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0452 | 7.5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0451 | 7.5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2402 | 7.5 | N/A | N/A | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2423 | 7.5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2427 | 7.5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0458 | 7.5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2414 | 7.5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2412 | 7.5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2409 | 6.4 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0460 | 5.8 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2013-6954 | 5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2013-6629 | 5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2403 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-2401 | 5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0449 | 5 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0464 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0463 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-2413 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0459 | 4.3 | N/A | N/A | 7 SR7, 7R1 SR1 |  |
| CVE-2014-0453 | 4 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2398 | 3.5 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-1876 | 2.6 | 5.0 SR16-FP6 | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |
| CVE-2014-2420 | 2.6 | N/A | 6 SR16, 6.0.1 SR8 | 7 SR7, 7R1 SR1 |  |

Further information on Oracle's April 15 2014 Critical Patch Update is available here.

Oracle January 14 2014 CPU (1.5.0_61, 1.6.0_71, 1.7.0_51)

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2014-0428 | 10 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0422 | 10 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5907 | 10 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0415 | 10 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0410 | 10 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5893 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-5889 | 9.3 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0417 | 9.3 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0408 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0387 | 7.6 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0424 | 7.5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5878 | 7.5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0373 | 7.5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5904 | 6.8 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0375 | 5.8 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0403 | 5.8 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0423 | 5.5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0418 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-5902 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2014-0376 | 5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5910 | 5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5884 | 5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 | Not applicable to IBM ORB |
| CVE-2013-5896 | 5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 | Not applicable to IBM ORB |
| CVE-2014-0376 | 5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5899 | 5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0416 | 5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5887 | 5 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0368 | 5 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5888 | 4.6 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2013-5898 | 4 | N/A | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |
| CVE-2014-0411 | 4 | 5.0 SR16-FP5 | 6 SR15-FP1, 6.0.1 SR7-FP1 | 7 SR6-FP1, 7R1 SR1 |  |

Further information on Oracle's January 14 2014 Critical Patch Update is available here.

IBM Security Update November 2013

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-5458 | 9.3 | N/A | N/A | 7 SR6 |  |
| CVE-2013-5456 | 9.3 | N/A | N/A | 7 SR6 |  |
| CVE-2013-5457 | 9.3 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-4041 | 6.8 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5375 | 4.3 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5372 | 4.3 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |

Further information on the November 2013 IBM Security Update is available here.

Oracle October 15 2013 CPU (1.5.0_55, 1.6.0_65, 1.7.0_45)

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-5843 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5789 | 10 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5830 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5829 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5787 | 10 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5788 | 10 | N/A | N/A | 7 SR6 |  |
| CVE-2013-5824 | 10 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5842 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5782 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5817 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5809 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5814 | 10 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5806 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-5805 | 9.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-5832 | 9.3 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5850 | 9.3 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 | Not applicable to IBM ORB |
| CVE-2013-5838 | 9.3 | N/A | N/A | 7 SR6 |  |
| CVE-2013-5802 | 7.5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5812 | 6.4 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5804 | 6.4 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5783 | 6.4 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-3829 | 6.4 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5823 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5831 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5820 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-4002 | 5 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 | Fixed in IBM Security Update July 2013 |
| CVE-2013-5819 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5818 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5848 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5776 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5774 | 5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5825 | 5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5840 | 5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5801 | 5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5778 | 5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5851 | 5 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5800 | 4.3 | N/A | N/A | 7 SR6 |  |
| CVE-2013-5784 | 4.3 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5849 | 4.3 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5790 | 4.3 | 5.0 SR16-FP4 | N/A | 7 SR6 | Not applicable to IBM 6 JRE/SDK |
| CVE-2013-5780 | 4.3 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5797 | 3.5 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5803 | 2.6 | 5.0 SR16-FP4 | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |
| CVE-2013-5772 | 2.6 | N/A | 6 SR15, 6.0.1 SR7 | 7 SR6 |  |

Further information on Oracle's October 15 2013 Critical Patch Update is available here.

IBM Security Update July 2013

Oracle June 18 2013 CPU (1.5.0_51, 1.6.0_51, 1.7.0_25)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-2468 | 10 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2469 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2465 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2464 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2463 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2473 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2472 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2471 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2470 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2459 | 10 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2466 | 10 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2462 | 9.3 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-2460 | 9.3 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-3743 | 9.3 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | N/A |  |
| CVE-2013-2445 | 7.8 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-2448 | 7.6 | Will not fix | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2461 | 7.5 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-2442 | 7.5 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2467 | 6.9 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-2407 | 6.4 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2454 | 5.8 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2458 | 5.8 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-3744 | 5 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-2400 | 5 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-2456 | 5 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2453 | 5 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2457 | 5 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2455 | 5 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2412 | 5 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2443 | 5 | Will not fix | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2447 | 5 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2437 | 5 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2444 | 5 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2452 | 5 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2446 | 5 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-2450 | 5 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-1571 | 4.3 | N/A | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 | Oracle Javadoc Updater Tool |
| CVE-2013-2449 | 4.3 | N/A | N/A | N/A | 7 SR5 |  |
| CVE-2013-2451 | 3.7 | N/A | N/A | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |
| CVE-2013-1500 | 3.6 | 1.4.2 SR13-FP18 | 5.0 SR16-FP3 | 6 SR14, 6.0.1 SR6 | 7 SR5 |  |

Further information on Oracle's June 18 2013 Critical Patch Update is available here.

Oracle April 16 2013 CPU (1.5.0_45, 1.6.0_45, 1.7.0_21)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-2422 | 10 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1491 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2435 | 10 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2420 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2432 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2425 | 10 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-2434 | 10 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-1569 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2384 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2383 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2431 | 10 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-1557 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1537 | 10 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1558 | 10 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2440 | 10 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1518 | 10 | N/A | 5.0 SR16 | N/A | N/A |  |
| CVE-2013-1488 | 9.3 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2421 | 9.3 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-2426 | 9.3 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2436 | 9.3 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2429 | 7.6 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2430 | 7.6 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1563 | 7.6 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2394 | 7.6 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-0401 | 5.8 | N/A | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2438 | 5 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2424 | 5 | N/A | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2419 | 5 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2417 | 5 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2418 | 4.6 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-1540 | 4.3 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2423 | 4.3 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2433 | 4.3 | N/A | N/A | 6 SR13-FP2, 6.0.1 SR5-FP2 | 7 SR4-FP2 |  |
| CVE-2013-2416 | 4.3 | N/A | N/A | N/A | 7 SR4-FP2 |  |
| CVE-2013-2415 | 2.1 | N/A | N/A | N/A | 7 SR4-FP2 |  |

Further information on Oracle's April 16 2013 Critical Patch Update is available here.

Oracle March 2013 Security Alert (1.5.0_41, 1.6.0_43, 1.7.0_17)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-0809 | 10 | 1.4.2 SR13-FP16 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1493 | 10 | 1.4.2 SR13-FP16 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |

Further information on Oracle's March 2013 Security Alert is available here.

Oracle February 19 2013 CPU (1.4.2_42, 1.5.0_40, 1.6.0_41, 1.7.0_15)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-1487 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1486 | 10 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1484 | 10 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-1485 | 5 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-0169 | 4.3 | 1.4.2 SR13-FP17 | 5.0 SR16-FP2 | 6 SR13-FP1, 6.0.1 SR5-FP1 | 7 SR4-FP1 |  |

Further information on Oracle's February 19 2013 Critical Patch Update is available here.

Oracle February 1 2013 CPU (1.4.2_41, 1.5.0_39, 1.6.0_39, 1.7.0_13)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-0437 | 10 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-1478 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0445 | 10 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1480 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0441 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 | Not applicable to IBM ORB |
| CVE-2013-1475 | 10 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2013-1476 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2012-1541 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0446 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2012-3342 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0442 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0450 | 10 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0425 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0426 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0428 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2012-3213 | 10 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1481 | 10 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | N/A |  |
| CVE-2013-0444 | 7.6 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-0429 | 7.6 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2013-0419 | 7.6 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0423 | 7.6 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0351 | 7.5 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0432 | 6.4 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0449 | 5 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-1473 | 5 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0435 | 5 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0434 | 5 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0409 | 5 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0431 | 5 | N/A | N/A | N/A | 7 SR4 |  |
| CVE-2013-0427 | 5 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0433 | 5 | N/A | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0424 | 5 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0440 | 5 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0438 | 4.3 | N/A | N/A | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-0443 | 4 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2013-1489 | 0 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |

Further information on Oracle's February 1 2013 Critical Patch Update is available here.

Oracle January 2013 Security Alert (1.7.0_11)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2013-0422 | 10 | N/A | N/A | N/A | 7 SR4 | See IBM PSIRT blog for further details |
| CVE-2012-3174 | 10 | N/A | N/A | N/A | 7 SR4 | See IBM PSIRT blog for further details |

Further information on Oracle's January 2013 Security Alert is available here.

Older Java Security Alerts

IBM Security Update November 2012

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2012-4820 | 9.3 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-4821 | 9.3 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-4822 | 9.3 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-4823 | 9.3 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |

Further information on these CVEs is available here.

Oracle October 16 2012 CPU (1.4.2_40, 1.5.0_38, 1.6.0_37, 1.7.0_09)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2012-3159 | 7.5 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-3216 | 2.6 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5068 | 7.5 | N/A | N/A | 6 SR12, 6.0.1 SR4 | N/A | Not applicable to IBM 7 JRE/SDK |
| CVE-2012-5070 | 5 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-5067 | 5 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-3143 | 10 | N/A | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5076 | 10 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-5077 | 2.6 | N/A | N/A | N/A | 7 SR3 | Applies to Oracle SecureRandom provider only. |
| CVE-2012-5073 | 5 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5074 | 6.4 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-5075 | 5 | N/A | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5083 | 10 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5083 | 10 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5072 | 5 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-1531 | 10 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5081 | 5 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-1532 | 10 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-1533 | 10 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5069 | 5.8 | N/A | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5085 | 0 | 1.4.2 SR13-FP15 | 5.0 SR16 | 6 SR13, 6.0.1 SR5 | 7 SR4 |  |
| CVE-2012-5071 | 6.4 | N/A | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5084 | 7.6 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5087 | 10 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-5086 | 10 | N/A | N/A | N/A | 7 SR3 | Not applicable to IBM 6 JRE/SDK |
| CVE-2012-5079 | 5 | 1.4.2 SR13-FP14 | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-5088 | 10 | N/A | N/A | N/A | 7 SR3 |  |
| CVE-2012-5089 | 7.6 | N/A | 5.0 SR15 | 6 SR12, 6.0.1 SR4 | 7 SR3 |  |
| CVE-2012-4416 | 6.4 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |

Further information on Oracle's October 16 2012 Critical Patch Update is available here.

Oracle August 2012 Security Alert (1.6.0_35, 1.7.0_07)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2012-4681 | 10 | N/A | N/A | N/A | 7 SR2 |  |
| CVE-2012-1682 | 10 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR2 |  |
| CVE-2012-3136 | 10 | N/A | N/A | N/A | 7 SR2 |  |
| CVE-2012-0547 | 0 | N/A | N/A | 6 SR12, 6.0.1 SR4 | 7 SR2 | This issue is not directly exploitable |

Further information on Oracle's August 2012 Security Alert is available here.

Oracle June 12 2012 CPU (1.4.2_38, 1.5.0_36, 1.6.0_33, 1.7.0_05)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2012-1711 | 7.5 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2012-0551 | 5.8 | N/A | N/A | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1717 | 3.5 | 1.4.2 SR13-FP13 | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1716 | 10 | N/A | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1713 | 10 | 1.4.2 SR13-FP13 | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1719 | 5 | 1.4.2 SR13-FP13 | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1718 | 3.6 | 1.4.2 SR13-FP13 | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR3 |  |
| CVE-2012-1723 | 10 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2012-1724 | 5 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2012-1722 | 10 | N/A | N/A | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1721 | 10 | N/A | N/A | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1720 | 3.7 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2012-1725 | 10 | N/A | 5.0 SR14 | 6 SR11, 6.0.1 SR2-FP1 | 7 SR2 |  |
| CVE-2012-1726 | 6.4 | N/A | N/A | N/A | 7 SR2 |  |

Further information on Oracle's June 12 2012 Critical Patch Update is available here.

Oracle February 14 2012 CPU (1.4.2_36, 1.5.0_34, 1.6.0_31, 1.7.0_03)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2012-0502 | 6.4 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0503 | 7.5 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0506 | 4.3 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0507 | 10 | N/A | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 | Previously tracked under CVE-2011-3571 |
| CVE-2011-3563 | 6.4 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0500 | 10 | N/A | N/A | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0497 | 10 | N/A | N/A | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0498 | 10 | N/A | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0499 | 10 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0500 | 10 | N/A | N/A | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0501 | 5 | N/A | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0505 | 7.5 | 1.4.2 SR13-FP12 | 5.0 SR13-FP1 | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2011-5035 | 5 | N/A | N/A | 6 SR10-FP1 | 7 SR1 |  |
| CVE-2012-0504 | 9.3 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |

Further information on Oracle's February 14 2012 Critical Patch Update is available here.

Oracle October 18 2011 CPU (1.4.2_34, 1.5.0_32, 1.6.0_29, 1.7.0_01)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2011-3547 | 5 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3546 | 5.8 | N/A | N/A | 6 SR10 | 7 SR1 |  |
| CVE-2011-3548 | 10 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3549 | 10 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | N/A |  |
| CVE-2011-3516 | 7.6 | N/A | N/A | 6 SR10 | N/A |  |
| CVE-2011-3550 | 7.6 | N/A | N/A | 6 SR10 | 7 SR1 |  |
| CVE-2011-3551 | 9.3 | N/A | N/A | 6 SR10 | 7 SR1 |  |
| CVE-2011-3552 | 2.6 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3553 | 3.5 | N/A | N/A | 6 SR10 | 7 SR1 |  |
| CVE-2011-3544 | 10 | N/A | N/A | 6 SR10 | 7 SR3 |  |
| CVE-2011-3545 | 10 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | N/A |  |
| CVE-2011-3521 | 10 | N/A | N/A | 6 SR10 | 7 SR1 | Not applicable to IBM 5.0 JRE/SDK |
| CVE-2011-3554 | 10 | N/A | 5.0 SR13 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3555 | 2.6 | N/A | N/A | N/A | 7 SR1 |  |
| CVE-2011-3558 | 5 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2011-3556 | 7.5 | 1.4.2 SR13-FP11 | 5.0 SR13 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3557 | 6.8 | 1.4.2 SR13-FP11 | 5.0 SR13-FP1 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3389 | 4.3 | 1.4.2 SR13-FP11 | 5.0 SR13-FP1 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3560 | 6.4 | 1.4.2 SR13-FP11 | 5.0 SR13-FP1 | 6 SR10 | 7 SR1 |  |
| CVE-2011-3561 | 1.8 | N/A | N/A | 6 SR10 | 7 SR1 |  |

Further information on Oracle's October 18 2011 Critical Patch Update is available here.

Oracle June 7 2011 CPU (1.4.2_32, 1.5.0_30, 1.6.0_26)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-0865 | 2.6 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0866 | 7.6 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0786 | 7.6 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0788 | 7.6 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0802 | 10 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0814 | 10 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0815 | 10 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0862 | 10 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0867 | 5 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0869 | 5 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0817 | 10 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0863 | 10 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0868 | 5 | N/A | N/A | 6 SR9-FP2 |  |
| CVE-2011-0864 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2011-0871 | 10 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0872 | 5 | 1.4.2 SR13-FP10 | 5.0 SR12-FP5 | 6 SR9-FP2 |  |
| CVE-2011-0873 | 10 | N/A | 5.0 SR12-FP5 | 6 SR9-FP2 |  |

Further information on Oracle's June 7 2011 Critical Patch Update is available here.

Oracle February 15 2011 CPU (1.4.2_30, 1.5.0_28, 1.6.0_24)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-4467 | 10 | N/A | N/A | 6 SR9-FP1 |  |
| CVE-2010-4468 | 5.1 | N/A | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4469 | 10 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2010-4465 | 10 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4470 | 5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2010-4422 | 7.6 | N/A | N/A | 6 SR9-FP1 |  |
| CVE-2010-4471 | 5 | N/A | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4448 | 2.6 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4450 | 5.1 | N/A | 5.0 SR12-FP4 | N/A | Not applicable to IBM 1.4.2 and 6 JREs/SDKs |
| CVE-2010-4451 | 7.6 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2010-4452 | 10 | N/A | N/A | 6 SR9-FP1 |  |
| CVE-2010-4462 | 10 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4463 | 10 | N/A | N/A | 6 SR9-FP1 |  |
| CVE-2010-4472 | 2.6 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2010-4466 | 5 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4447 | 8.3 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4475 | 7.1 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4454 | 10 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4473 | 10 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 |  |
| CVE-2010-4476 | 5 | 1.4.2 SR13-FP9 | 5.0 SR12-FP4 | 6 SR9-FP1 | Further information available here |

Further information on Oracle's February 15 2011 Critical Patch Update is available here.

IBM Security Update February 2011

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-0311 | 3.5 | 1.4.2 SR13-FP10 | 5.0 SR12-FP4 | 6 SR9-FP1 | APAR: IZ89602 |

This issue is limited to IBM JRE/SDK implementations. Further information is available here.

Oracle October 12 2010 SSR (1.4.2_28, 1.5.0_26, 1.6.0_22)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-3553 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP3 | 6 SR9 |  |
| CVE-2010-3554 | 10 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2009-3555 | 6.8 | 1.4.2 SR13-FP6 | 5.0 SR12 | 6 SR9 | RFC 5746 |
| CVE-2010-3561 | 7.5 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2010-3562 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3557 | 6.8 | 1.4.2 SR13-FP6 | 5.0 SR12-FP3 | 6 SR9 |  |
| CVE-2010-3558 | 10 | N/A | N/A | 6 SR9 |  |
| CVE-2010-3563 | 10 | N/A | N/A | 6 SR9 |  |
| CVE-2010-0771 | 10 | N/A | N/A | 6 SR9 |  |
| CVE-2010-3550 | 9.3 | N/A | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3549 | 6.8 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3551 | 5 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3555 | 9.3 | N/A | N/A | 6 SR9 |  |
| CVE-2010-3556 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3559 | 10 | N/A | 5.0 SR12-FP2 | 6 SR9 | Not applicable to IBM 1.4.2 JRE/SDK |
| CVE-2010-3548 | 5 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-1321 | 6.8 | 1.4.2 SR13-FP8 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3565 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3567 | 10 | N/A | N/A | 6 SR9 | Not applicable to IBM 5.0 JRE/SDK |
| CVE-2010-3566 | 10 | N/A | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3568 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3541 | 5.1 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3569 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3571 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP3 | 6 SR9 |  |
| CVE-2010-3572 | 10 | 1.4.2 SR13-FP6 | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3570 | 7.6 | N/A | N/A | N/A | Not applicable to IBM JRE/SDKs |
| CVE-2010-3560 | 2.6 | N/A | N/A | 6 SR9 |  |
| CVE-2010-3573 | 5.1 | N/A | 5.0 SR12-FP2 | 6 SR9 |  |
| CVE-2010-3574 | 5.1 | 1.4.2 SR13-FP8 | 5.0 SR12-FP2 | 6 SR9 |  |

Further information about the SSR issued by Oracle on October 12 2010 is available here.

Oracle 1.6.0_20 Emergency Release

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-0886 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDKs |
| CVE-2010-0887 | 5.1 | N/A | N/A | 6 SR8-FP1 |  |

Further information about the Emergency SSR issued by Oracle is available here.

March 30 2010 SSR (1.4.2_26, 1.5.0_24, 1.6.0_19)

| CVE | CVSS | IBM 1.4.2 Fix | IBM 5.0 Fix | IBM 6 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2010-0082 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDKs |
| CVE-2010-0084 | 5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0085 | 5.1 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0087 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0088 | 6.8 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0089 | 5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0090 | 5.8 | N/A | N/A | 6 SR8 |  |
| CVE-2010-0091 | 4.3 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0092 | 5.1 | N/A | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2009-3555 | 6.8 | 1.4.2 SR13-FP4 | 5.0 SR11-FP1 | 6 SR7 |  |
| CVE-2010-0093 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDKs |
| CVE-2010-0094 | 7.5 | N/A | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0095 | 6.8 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0837 | 7.5 | N/A | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0838 | 7.5 | N/A | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0839 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP1 | 6 SR8 |  |
| CVE-2010-0840 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0841 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0842 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0843 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0844 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0845 | 5.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDKs |
| CVE-2010-0846 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0847 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0848 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |
| CVE-2010-0849 | 7.5 | 1.4.2 SR13-FP5 | 5.0 SR11-FP2 | 6 SR8 |  |

Further information about the SSR issued by Oracle on March 30 2010 is available here.

CVE Number: CVE-2009-3555
Date released: 27 January 2010
Synopsis: A security vulnerability in the TLS protocol (including SSL v3) may allow an attacker to conduct man-in-the-middle (MITM) attacks in which chosen plain text may be injected as a prefix into a user's TLS session. This vulnerability does not allow an attacker to decrypt the intercepted network communication.
Affected Releases:
IBM Platforms: 6 SR6 and earlier; 5.0 SR11 and earlier; 1.4.2 SR13-FP3 and earlier
Sun Platforms: 6 Update 18 and earlier; 5.0 Update 23 and earlier; 1.4.2_25 and earlier
HP Platforms: See HP site for details
Releases containing fix:
IBM Platforms: 6 SR7 and later; 5.0 SR11-FP1 and later; 1.4.2 SR13-FP4 and later
Sun Platforms: 6 Update 19 and later; 5.0 Update 24 and later; 1.4.2_26 and later
HP Platforms: See HP site for details

CVE Number: CVE-2009-3876, CVE-2009-3877
Date released: 4 December 2009
Synopsis: A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition.
Affected Releases:
IBM Platforms: 6 SR6 and earlier; 5.0 SR10 and earlier; 1.4.2 SR13-FP1 and earlier
Sun Platforms: 6 Update 16 and earlier; 5.0 Update 21 and earlier; 1.4.2_23 and earlier
HP Platforms: See HP site for details
Releases containing fix:
IBM Platforms: 6 SR7 and later; 5.0 SR11 and later; 1.4.2 SR13-FP2 and later
Sun Platforms: 6 Update 17 and later; 5.0 Update 22 and later; 1.4.2_24 and later
HP Platforms: See HP site for details

CVE Number: CVE-2009-3867
Date released: 19 November 2009
Synopsis: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.
Affected Releases:
IBM Platforms: 6 SR6 and earlier; 5.0 SR10 and earlier; 1.4.2 SR13-FP2 and earlier
Sun Platforms: 6 Update 16 and earlier; 5.0 Update 21 and earlier; 1.4.2_23 and earlier
HP Platforms: See HP site for details
Releases containing fix:
IBM Platforms: 6 SR7 and later; 5.0 SR11 and later; 1.4.2 SR13-FP3 and later
Sun Platforms: 6 Update 17 and later; 5.0 Update 22 and later; 1.4.2_24 and later
HP Platforms: See HP site for details

CVE Number: CVE-2009-3868
Date released: 19 November 2009
Synopsis: A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.
Affected Releases:
IBM Platforms: 6 SR6 and earlier; 5.0 SR10 and earlier; 1.4.2 SR13-FP1 and earlier
Sun Platforms: 6 Update 16 and earlier; 5.0 Update 21 and earlier; 1.4.2_23 and earlier
HP Platforms: See HP site for details
Releases containing fix:
IBM Platforms: 6 SR7 and later; 5.0 SR11 and later; 1.4.2 SR13-FP2 and later
Sun Platforms: 6 Update 17 and later; 5.0 Update 22 and later; 1.4.2_24 and later
HP Platforms: See HP site for details

CVE Number: CVE-2009-3872
Date released: 19 November 2009
Synopsis: An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP1 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP2 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-3873 19 November 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP1 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP2 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-3875 19 November 2009 A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP2 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP3 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-3865 19 November 2009 A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

IBM Platforms:
6 SR6 and earlier


Sun Platforms:
6 Update 16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later


Sun Platforms:
6 Update 17 and later


HP Platforms:
See HP site for details

CVE-2009-3869 19 November 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP2 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP3 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-3871 19 November 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP2 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP3 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-3866 19 November 2009 A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

IBM Platforms:
6 SR6 and earlier


Sun Platforms:
6 Update 16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later


Sun Platforms:
6 Update 17 and later


HP Platforms:
See HP site for details

CVE-2009-3874 19 November 2009 An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR6 and earlier
5.0 SR10 and earlier
1.4.2 SR13-FP2 and earlier


Sun Platforms:
6 Update 16 and earlier
5.0 Update 21 and earlier
1.4.2_23 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later
5.0 SR11 and later
1.4.2 SR13-FP3 and later


Sun Platforms:
6 Update 17 and later
5.0 Update 22 and later
1.4.2_24 and later


HP Platforms:
See HP site for details

CVE-2009-2676 24 August 2009 A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher might be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet.

The JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code.

IBM Platforms:
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later


Sun Platforms:
6 Update 15 and later


HP Platforms:
See HP site for details

CVE-2009-2493
12 August 2009 The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

IBM Platforms:
5.0 SR10 and earlier
6 SR5 and earlier


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier
1.4.2_21 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR11 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later
1.4.2_22 and later


HP Platforms:
See HP site for details

CVE-2009-2670 10 August 2009 A vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to access system properties.

IBM Platforms:
5.0 SR9 and earlier
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR10 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later


HP Platforms:
See HP site for details

CVE-2009-0217 10 August 2009 A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

IBM Platforms:
6 SR6 and earlier
 


Sun Platforms:
6 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR7 and later


Sun Platforms:
6 Update 15 and later


HP Platforms:
See HP site for details

CVE-2009-2671
CVE-2009-2672
10 August 2009 A vulnerability in the Java Runtime Environment with the SOCKS proxy implementation might allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application.

A second vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions.

IBM Platforms:
5.0 SR9 and earlier
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR10 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later


HP Platforms:
See HP site for details

CVE-2009-2673 10 August 2009 A vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host.

IBM Platforms:
5.0 SR9 and earlier
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR10 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later


HP Platforms:
See HP site for details

CVE-2009-2674 10 August 2009 An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later


Sun Platforms:
6 Update 15 and later


HP Platforms:
See HP site for details

CVE-2009-2675 10 August 2009 An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
5.0 SR9 and earlier
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR10 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later


HP Platforms:
See HP site for details

CVE-2009-2625 10 August 2009 A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on.

IBM Platforms:
5.0 SR9 and earlier
6 SR5 and earlier
 


Sun Platforms:
6 Update 14 and earlier
5.0 Update 19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR6 and later
5.0 SR10 and later
1.4.2 SR13-FP1 and later


Sun Platforms:
6 Update 15 and later
5.0 Update 20 and later


HP Platforms:
See HP site for details

CVE-2009-1100 6 April 2009 A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files might allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR13 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13FP2 and later
 


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1101 6 April 2009 A vulnerability in the Java Runtime Environment (JRE) HTTP server implementation might allow a remote client to create a denial-of-service condition on a JAX-WS service endpoint that runs on the JRE.

IBM Platforms:
6 SR4 and earlier


Sun Platforms:
6 Update 12 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later


Sun Platforms:
6 Update 13 and later


HP Platforms:
See HP site for details

CVE-2009-1103 6 April 2009 A vulnerability in the Java Plug-in with deserializing applets might allow an untrusted applet to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1105 6 April 2009 The Java Plug-in allows a trusted applet to be launched on an earlier version of the Java Runtime Environment (JRE) provided the user that downloaded the applet allows it to run on the requested release. A vulnerability allows JavaScript code that is present in the same web page as the applet to exploit known vulnerabilities of the requested JRE.

IBM Platforms:
6 SR4 and earlier


Sun Platforms:
6 Update 12, 11 and 10


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later


Sun Platforms:
6 Update 13 and later


HP Platforms:
See HP site for details

CVE-2009-1104 6 April 2009 The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system. This might be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1093 6 April 2009 A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections might be exploited by a remote client to cause a denial-of-service condition on the LDAP service.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1094 6 April 2009 A vulnerability in Java Runtime Environment LDAP client implementation might allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1107 6 April 2009 The Java Plug-in displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1095
CVE-2009-1096
6 April 2009 Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later


HP Platforms:
See HP site for details

CVE-2009-1106 6 April 2009 A vulnerability in the Java Runtime Environment with parsing crossdomain.xml files might allow an untrusted applet to connect to any site that provides a crossdomain.xml file instead of sites that allow the domain that the applet is running on.

IBM Platforms:
6 SR4 and earlier


Sun Platforms:
6 Update 12, 11, and 10


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later


Sun Platforms:
6 Update 13 and later


HP Platforms:
See HP site for details

CVE-2009-1097 6 April 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing PNG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 SR4 and earlier


Sun Platforms:
6 Update 12 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later


Sun Platforms:
6 Update 13 and later


HP Platforms:
See HP site for details

CVE-2009-1097 6 April 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 SR4 and earlier


Sun Platforms:
6 Update 12 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later


Sun Platforms:
6 Update 13 and later


HP Platforms:
See HP site for details

CVE-2009-1098 6 April 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier
1.4.2_19 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later
1.4.2_20 and later


HP Platforms:
See HP site for details

CVE-2009-1099 6 April 2009 A buffer overflow vulnerability in the Java Runtime Environment with processing fonts might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR4 and earlier
5.0 SR9 and earlier


Sun Platforms:
6 Update 12 and earlier
5.0 Update 17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR5 and later
5.0 SR9-SSU and later


Sun Platforms:
6 Update 13 and later
5.0 Update 18 and later


HP Platforms:
See HP site for details

CVE-2008-5349 6 April 2009 A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys might cause the JRE to consume an excessive amount of CPU resources. This might lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application.

This issue affects the following security providers: IBMJCE, IBMPKCS11Impl and IBMJCEFIPS.

IBM Platforms (IBMJCE and IBMPKCS11Impl):
6 SR3 and earlier
5.0 SR8 and earlier

IBM Platforms (IBMJCEFIPS):
6 SR4 and earlier
5.0 SR9 and earlier
1.4.2 SR13 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier


HP Platforms:
See HP site for details

IBM Platforms (IBMJCE and IBMPKCS11Impl):
6 SR4 and later
5.0 SR9 and later

IBM Platforms (IBMJCEFIPS):
6 SR5 and later
5.0 SR9-SSU and later
1.4.2 SR13-FP1 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later


HP Platforms:
See HP site for details

CVE-2008-5350 11 December 2008 A security vulnerability in the Java Runtime Environment (JRE) might allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5346 11 December 2008 A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files might allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in.

IBM Platforms:
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5343 11 December 2008 A vulnerability in Java Web Start and Java Plug-in might allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5344 11 December 2008 A vulnerability in the Java Runtime Environment (JRE) with applet classloading might allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5359 11 December 2008 A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5341 11 December 2008 A vulnerability in the Java Runtime Environment might allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later


HP Platforms:
See HP site for details

CVE-2008-5339 11 December 2008 A vulnerability in the Java Runtime Environment (JRE) might allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5340 11 December 2008 A vulnerability in the Java Runtime Environment with launching Java Web Start applications might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5347 11 December 2008 Security vulnerabilities in the JAX-WS and JAXB packages in the Java Runtime Environment (JRE) where internal classes can be accessed might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR2 and earlier


Sun Platforms:
6 Update 10 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later


Sun Platforms:
6 Update 11 and later


HP Platforms:
See HP site for details

CVE-2008-5348 11 December 2008 A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos might lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-2086 11 December 2008 A vulnerability in Java Web Start might allow certain trusted operations to be performed, such as modifying system properties.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5345 11 December 2008 The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This might allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This might be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5351 11 December 2008 The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the "shortest" form. This behavior is not a vulnerability in Java SE. However, it might be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences might be decoded into illegal URIs, which might then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5360 11 December 2008 The Java Runtime Environment creates temporary files with insufficiently random names. This might be leveraged to write JAR files, which might then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5353 11 December 2008 A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5356 11 December 2008 A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5354 11 December 2008 A buffer overflow vulnerability in the Java Runtime Environment (JRE) might allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted Java application.

This vulnerability cannot be exploited by an applet or Java Web Start application.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5357 11 December 2008 A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-5352 11 December 2008 A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR2 and earlier
5.0 SR8a and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR3 and later
5.0 SR9 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later


HP Platforms:
See HP site for details

CVE-2008-5358 11 December 2008 A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR3 and earlier


Sun Platforms:
6 Update 10 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later


Sun Platforms:
6 Update 11 and later


HP Platforms:
See HP site for details

CVE-2008-5342 11 December 2008 A security vulnerability in the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application.

IBM Platforms:
6 SR3 and earlier
5.0 SR8a and earlier
1.4.2 SR12 and earlier


Sun Platforms:
6 Update 10 and earlier
5.0 Update 16 and earlier
1.4.2_18 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR4 and later
5.0 SR9 and later
1.4.2 SR13 and later


Sun Platforms:
6 Update 11 and later
5.0 Update 17 and later
1.4.2_19 and later


HP Platforms:
See HP site for details

CVE-2008-3105 14 August 2008 A vulnerability in the Java Runtime Environment with processing XML data might allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE. For this vulnerability to be exploited, a trusted application running on a JAX-WS server needs to process XML data that contains malicious content. This vulnerability cannot be exploited through an untrusted applet or untrusted Java Web Start application.

IBM Platforms:
6 SR1 and earlier


Sun Platforms:
6 Update 6 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later

See Note 1


Sun Platforms:
6 Update 7 and later


HP Platforms:
See HP site for details

CVE-2008-3108 23 July 2008 A buffer overflow vulnerability in the Java Runtime Environment with processing fonts might allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR10 and earlier


Sun Platforms:
5.0 Update 9 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5a and later
1.4.2 SR11 and later


Sun Platforms:
5.0 Update 10 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3109 23 July 2008 A vulnerability in the Java Runtime Environment with scripting language support might allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 SR1 and earlier


Sun Platforms:
6 Update 6 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later


Sun Platforms:
6 Update 7 and later


HP Platforms:
See HP site for details

CVE-2008-3110 23 July 2008 A vulnerability in the Java Runtime Environment with scripting language support might allow an untrusted applet to access information from another applet.

IBM Platforms:
6 SR1 and earlier


Sun Platforms:
6 Update 6 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later


Sun Platforms:
6 Update 7 and later


HP Platforms:
See HP site for details

CVE-2008-3111 23 July 2008 Buffer overflow vulnerabilities in Java Web Start might allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
5.0 SR7 and earlier
1.4.2 SR10 and earlier


Sun Platforms:
6 Update 3 and earlier
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR8 and later
1.4.2 SR11 and later


Sun Platforms:
6 Update 4 and later
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3115 23 July 2008 After the installation of a JRE 5.0 Update 6 or later release, the system will no longer allow applets to run on an older release of the JRE. Due to a defect in the implementation of this feature, if an older release is subsequently installed, the system will allow applets to run on that older release.

IBM Platforms:
6 SR1 and earlier
5.0 SR7 and earlier


Sun Platforms:
6 Update 6 and earlier (Windows Vista only)
5.0 Update 6 through 15 (Windows Vista only)


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8 and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later


HP Platforms:
See HP site for details

CVE-2008-3106 23 July 2008 A vulnerability in the Java Runtime Environment with processing XML data might allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).

IBM Platforms:
6 SR1 and earlier
5.0 SR7 and earlier
1.4.2 SR10 and earlier


Sun Platforms:
6 Update 6 and earlier
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8 and later
1.4.2 SR11 and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3103 23 July 2008 A vulnerability in the Java Management Extension (JMX) management agent included in the Java Runtime Environment might allow a JMX client running on a remote host to perform illegal operations on a system running JMX with local monitoring enabled.

IBM Platforms:
6 SR1 and earlier
5.0 SR8 and earlier


Sun Platforms:
6 Update 6 and earlier
5.0 Update 15 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8a and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later


HP Platforms:
See HP site for details

CVE-2008-3104 23 July 2008 Security vulnerabilities in the Java Runtime Environment might allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This might allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

IBM Platforms:
6 SR1 and earlier
5.0 SR7 and earlier
1.4.2 SR11 and earlier


Sun Platforms:
6 Update 6 and earlier
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8 and later
1.4.2 SR12 and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3112 23 July 2008 A vulnerability in Java Web Start might allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application.

IBM Platforms:
6 SR1 and earlier
5.0 SR7 and earlier
1.4.2 SR11 and earlier


Sun Platforms:
6 Update 6 and earlier
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8 and later
1.4.2 SR12 and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3113 23 July 2008 A vulnerability in Java Web Start might allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application.

IBM Platforms:
5.0 SR7 and earlier
1.4.2 SR11 and earlier


Sun Platforms:
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR8 and later
1.4.2 SR12 and later


Sun Platforms:
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-3114 23 July 2008 A vulnerability in Java Web Start might allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.

IBM Platforms:
6 SR1 and earlier
5.0 SR7 and earlier
1.4.2 SR11 and earlier


Sun Platforms:
6 Update 6 and earlier
5.0 Update 15 and earlier
1.4.2_17 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR2 and later
5.0 SR8 and later
1.4.2 SR12 and later


Sun Platforms:
6 Update 7 and later
5.0 Update 16 and later
1.4.2_18 and later


HP Platforms:
See HP site for details

CVE-2008-1196 27 March 2008 A buffer overflow vulnerability in Java Web Start might allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR10 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR11 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later


HP Platforms:
See HP site for details

CVE-2008-1195 27 March 2008 A vulnerability in the Java Runtime Environment might allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This might allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) that are not otherwise normally accessible to be accessed or exploited.

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later


HP Platforms:
See HP site for details

CVE-2008-1194 27 March 2008 Two buffer overflow vulnerabilities might allow an untrusted applet or application to cause the Java Runtime Environment to crash.

IBM Platforms:
6 GA
5.0 SR6 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later


HP Platforms:
See HP site for details

CVE-2008-1194 27 March 2008 A buffer overflow vulnerability in the Java Runtime Environment image parsing code might allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash.

IBM Platforms:
6 GA
5.0 SR6 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later


HP Platforms:
See HP site for details

CVE-2008-1193 27 March 2008 A buffer overflow vulnerability in the Java Runtime Environment image parsing code might allow an untrusted applet or application to elevate its privileges. For example, an application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 GA
5.0 SR6 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later


HP Platforms:
See HP site for details

CVE-2008-1192 27 March 2008 A vulnerability in the Java Plug-in might allow an untrusted applet to bypass same origin policy and leverage this flaw to run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later


HP Platforms:
See HP site for details

CVE-2008-1191 27 March 2008 A vulnerability in Java Web Start might allow an untrusted Java Web Start application to create files on the system that the untrusted application runs on and leverage these files to run local applications with the privileges of the user running the untrusted Java Web Start application.

IBM Platforms:
6 GA


Sun Platforms:
6 Update 4 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later


Sun Platforms:
6 Update 5 and later


HP Platforms:
See HP site for details

CVE-2008-1190 27 March 2008 A vulnerability in Java Web Start might allow an untrusted Java Web Start application to elevate its privileges. For example, an application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later


HP Platforms:
See HP site for details

CVE-2008-1189 27 March 2008 A buffer overflow vulnerability in the Java Runtime Environment might allow an untrusted applet or application to elevate its privileges. For example, an applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later
1.4.2_17 and later


HP Platforms:
See HP site for details

CVE-2008-1188 27 March 2008 Two buffer overflow vulnerabilities in Java Web Start might independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application.

IBM Platforms:
6 GA
5.0 SR6 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later


Sun Platforms:
6 Update 5 and later
5.0 Update 15 and later


HP Platforms:
See HP site for details

CVE-2008-1187 27 March 2008 A vulnerability in the Java Runtime Environment with parsing XML data might allow an untrusted applet or application to elevate its privileges. For example, an applet might read certain URL resources (such as some files and web pages).

IBM Platforms:
6 GA
5.0 SR6 and earlier
1.4.2 SR10 and earlier


Sun Platforms:
6 Update 4 and earlier
5.0 Update 14 and earlier
1.4.2_16 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
6 SR1 and later
5.0 SR7 and later
1.4.2 SR11 and later


Sun Platforms:
6 Update 5 or later
5.0 Update 15 or later
1.4.2_17 or later


HP Platforms:
See HP site for details

CVE-2008-0657 27 March 2008 A vulnerability in the Java Runtime Environment might allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted application or applet.

IBM Platforms:
5.0 SR6 and earlier


Sun Platforms:
6 Update 1 and earlier
5.0 Update 13 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR7 and later


Sun Platforms:
6 Update 2 and later
5.0 Update 14 and later


HP Platforms:
See HP site for details

CVE-2007-5232 5 November 2007 A vulnerability in the Java Runtime Environment (JRE) with applet caching might allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This might allow network resources (such as web pages) and vulnerabilities (that exist on these network services) that are not otherwise normally accessible to be accessed or exploited.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier


Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-5274
CVE-2007-5273
5 November 2007 A vulnerability in the Java Runtime Environment (JRE) might allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This might allow network resources (such as web pages) and vulnerabilities (that exist on these network services) that are not otherwise normally accessible to be accessed or exploited.

A second vulnerability in the JRE might allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This might allow network resources (such as web pages) and vulnerabilities (that exist on these network services) that are not otherwise normally accessible to be accessed or exploited.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier


Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-5236 5 November 2007 An untrusted Java Web Start application might write arbitrary files with the privileges of the user running the application.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
5.0 Update 12 and earlier
1.4.2_15 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-5238 5 November 2007 Three separate vulnerabilities might allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier


Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-5239 5 November 2007 An untrusted Java Web Start application or Java applet might move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window.

IBM Platforms:
5.0 SR5 and earlier
1.4.2 SR9 and earlier
1.3.1 SR11 and earlier


Sun Platforms:
6 Update 2 and earlier
5.0 Update 12 and earlier
1.4.2_15 and earlier
1.3.1_20 and earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-5240 5 November 2007 An untrusted applet might display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet.

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR6 and later
1.4.2 SR10 and later


Sun Platforms:
6 Update 3 and later
5.0 Update 13 and later
1.4.2_16 and later


HP Platforms:
See HP site for details

CVE-2007-4381 5 November 2007 A vulnerability in the font parsing code in the Java Runtime Environment might allow an untrusted applet to elevate its privileges. For example, an applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR9 or earlier


Sun Platforms:
5.0 update 9 or earlier
1.4.2_14 or earlier
Java 6 and 1.3.1 are not affected


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5a or later
1.4.2 SR10 or later


Sun Platforms:
5.0 update 10 or later
1.4.2_15 or later


HP Platforms:
See HP site for details

CVE-2007-3698 5 November 2007 The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability might be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support.

IBM Platforms:
JSSE in 1.4.2 SR9 or earlier
JSSE2 is not affected


Sun Platforms:
6 update 1 or earlier
5.0 update 7 through update 11
1.4.2_11 through 1.4.2_14


HP Platforms:
See HP site for details

IBM Platforms:
1.4.2 SR10 or later


Sun Platforms:
6 update 2 or later
5.0 update 12 or later
1.4.2_15 or later


HP Platforms:
See HP site for details

CVE-2007-2788
CVE-2007-2789
CVE-2007-3004
CVE-2007-3005
9 August 2007 A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment might allow an untrusted applet or application to elevate its privileges. For example, an applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

A second vulnerability might allow an untrusted applet or application to cause the Java Virtual Machine to hang.
Issue 1

IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR8 or earlier
1.3.1 SR10a or earlier


Sun Platforms:
6 GA
5.0 update 10 or earlier
1.4.2_14 or earlier
1.3.1_20 or earlier


HP Platforms:
See HP site for details

Issue 2

IBM Platforms:
5.0 SR5 or earlier
1.4.2 SR8 or earlier
1.3.1 SR10a or earlier


Sun Platforms:
6 GA
5.0 update 10 or earlier
1.4.2_14 or earlier
1.3.1_19 or earlier


HP Platforms:
See HP site for details

Issue 1

IBM Platforms:
5.0 SR5a or later
1.4.2 SR9 or later
1.3.1 SR11 or later


Sun Platforms:
6 update 1 or later
5.0 update 11 or later
1.4.2_15 or later


HP Platforms:
See HP site for details

Issue 2

IBM Platforms:
5.0 SR5a or later
1.4.2 SR9 or later
1.3.1 SR11 or later


Sun Platforms:
6 update 1 or later
5.0 update 11 or later
1.4.2_15 or later
1.3.1_20 or later


HP Platforms:
See HP site for details

CVE-2007-3655 9 August 2007 A buffer overflow vulnerability in the Java Web Start URL parsing code might allow an untrusted application to elevate its privileges. For example, an application might grant itself permissions to read and write local files or run local applications with the privileges of the user running the Java Web Start application.

IBM Platforms:
5.0 SR5 or earlier


Sun Platforms:
6 update 1 or earlier
5.0 update 11 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5a or later


Sun Platforms:
6 update 2 or later
5.0 update 12 or later


HP Platforms:
See HP site for details

CVE-2007-3922 9 August 2007 A security vulnerability in the Java Runtime Environment Applet Class Loader might allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This might allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

IBM Platforms:
1.4.2 SR9 or earlier
5.0 SR5 or earlier
1.3.1 SR10a or earlier


Sun Platforms:
6 update 1 or earlier
5.0 update 11 or earlier
1.4.2_14 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
1.4.2 SR10 or later
5.0 SR5a or later
1.3.1 SR11 or later


Sun Platforms:
6 update 2 or later
5.0 update 12 or later
1.4.2_15 or later


HP Platforms:
See HP site for details

CVE-2007-3504 18 July 2007 A vulnerability in Java(TM) Web Start allows an untrusted application to grant itself permissions to overwrite the .java.policy file and then invoke applets or Java Web Start applications that can run arbitrary code with the permissions of the user running the untrusted application. There are no reported attacks based on this vulnerability.

IBM Platforms:
5.0 SR4 or earlier
1.4.2 SR8 or earlier


Sun Platforms:
5.0 update 11 or earlier
1.4.2_13 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5 or later
1.4.2 SR9 or later


Sun Platforms:
5.0 update 12 or later
1.4.2_14 or later


HP Platforms:
See HP site for details

CVE-2007-3503 12 July 2007 A defect in the Javadoc(TM) tool lets it generate HTML documentation pages that might be leveraged in a cross-site scripting attack. For this defect to be exploited, a user has to click a URL that is created by an attacker that points to a web page with documentation generated by Javadoc. The URL includes JavaScript code that will be executed by the browser when the web page is loaded. The JavaScript code might access information that is stored in the user's cookies from the website that hosts the documentation pages. There are no reported attacks based on this vulnerability.

IBM Platforms:
5.0 SR4 or earlier


Sun Platforms:
6 GA
5.0 update 11 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5 or later


Sun Platforms:
6 update 1 or later
5.0 update 12 or later


HP Platforms:
See HP site for details

CVE-2007-2435 5 June 2007 A vulnerability in Java(TM) Web Start allows an untrusted application to elevate its privileges. For example, an application might grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application.

IBM Platforms:
5.0 SR4 or earlier
1.4.2 SR7 or earlier


Sun Platforms:
5.0 update 10 or earlier
1.4.2_13 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR5 or later
1.4.2 SR8 or later


Sun Platforms:
5.0 update 11 or later
1.4.2_14 or later


HP Platforms:
See HP site for details

CVE-2007-0243 05 April 2007 A buffer overflow vulnerability in the Java(TM) Runtime Environment might allow an untrusted applet to elevate its privileges. For example, an applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
5.0 SR3 or earlier
1.4.2 SR7 or earlier
1.3.1 SR10a or earlier


Sun Platforms:
5.0 update 9 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR4 or later
1.4.2 SR8 or later
1.3.1 SR11 or later


Sun Platforms:
5.0 update 10 or later
1.4.2_13 or later
1.3.1_19 or later


HP Platforms:
See HP site for details

CVE-2006-6737
CVE-2006-6736
04 January 2007 Two vulnerabilities in the Java Runtime Environment might independently allow an untrusted applet to access data in other applets.
Issue 1

IBM Platforms:
5.0 GA
1.4.2 SR3 or earlier
1.3.1 SR10 or earlier


Sun Platforms:
5.0 update 5 or earlier
1.4.2_10 or earlier
1.3.1_18 or earlier


HP Platforms:
See HP site for details

Issue 2

IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR7 or earlier
1.3.1 SR10 or earlier


Sun Platforms:
5.0 update 6 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier


HP Platforms:
See HP site for details

Issue 1

IBM Platforms:
5.0 SR1 or later
1.4.2 SR4 or later
1.3.1 SR10a or later


Sun Platforms:
5.0 update 6 or later
1.4.2_11 or later
1.3.1_19 or later


HP Platforms:
See HP site for details

Issue 2

IBM Platforms:
5.0 SR3 or later
1.4.2 SR8 or later
1.3.1 SR10a or later


Sun Platforms:
5.0 update 7 or later
1.4.2_13 or later
1.3.1_19 or later


HP Platforms:
See HP site for details

CVE-2006-6745 04 January 2007 Two vulnerabilities in the Java(TM) Runtime Environment with serialization might independently allow an untrusted applet or application to elevate its privileges.

IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR7 or earlier
1.3.1 is not affected


Sun Platforms:
5.0 update 7 or earlier
1.4.2_12 or earlier
1.3.1 is not affected


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR3 or later
1.4.2 SR8 or later
1.3.1 is not affected


Sun Platforms:
5.0 update 8 or later
1.4.2_13 or later
1.3.1 is not affected


HP Platforms:
See HP site for details

CVE-2006-6731 04 January 2007 Two buffer overflow vulnerabilities in the Java(TM) Runtime Environment might independently allow an untrusted applet to elevate its privileges. For example, an applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet.

IBM Platforms:
5.0 SR2 or earlier
1.4.2 SR6 or earlier
1.3.1 SR10 or earlier


Sun Platforms:
5.0 update 7 or earlier
1.4.2_12 or earlier
1.3.1_18 or earlier


HP Platforms:
See HP site for details

IBM Platforms:
5.0 SR3 or later
1.4.2 SR7 or later
1.3.1 SR10a or later


Sun Platforms:
5.0 update 8 or later
1.4.2_13 or later
1.3.1_19 or later


HP Platforms:
See HP site for details

Note 1: For compatibility reasons, this fix is implemented via two system properties:
  • javax.xml.stream.supportDTD
  • com.ibm.xml.xlxp.support.dtd.compat.mode

Setting both these properties to false activates the fix. Refer to the Java 6 User Guide for more information.

Return to Sun Alert ID 238628