LMS Status regarding Java Vulnerability CVE-2010-4476

Is LMS 3.2 affected by the Oracle Java Floating-Point Value Denial of Service
Vulnerability?
http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
What about Patches?

Hi,
Here is a link to the bug:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn86202
Thanks

Similar Messages

  • Java error - Oracle Security Alert for CVE-2010-4476

    I have come across this security alert described at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
    In summary - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number.
    This vulnerability affects:
    Java SE
    JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
    JDK 5.0 Update 27 and earlier for Solaris 9
    SDK 1.4.2_29 and earlier for Solaris 8
    Java for Business
    JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
    JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
    SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux
    Java for MacOS X 10.6 update 3 updates Java to SE 6 to version 1.6.0_22.
    Is anyone aware of new Java update for Mac that will fix this problem? If one doesn't exist, does anyone know when a new update will be available?
    Thanks.

    Hi Hussein,
    have you applied this? Please can you update?
    Our environment: 11.5.10.2 (9.2.0.7)running on HP-UX PARISC. We are using Jinitiator. We are not yet migrated to J2SE Plugin.
    So, since the security patch is for JRE, is that still required for our environment?
    Please advise?
    Edited by: oraDBA2 on Feb 13, 2011 9:12 PM

  • CSCuj31717 - IPS Vulnerability to CVE-2010-5107 - OpenSSH

    Hello,
    We have found our ACS 1121 appliances running 5.4 ACS code are vulnerable to
    CVE-2004-1653
    CVE-2010-5107
    Our information suggests the appliances are using Openssh 5.3 and these vulnerabilities have been fixed in Openssh 6.2 or newer versions.
    What is the timeline for updating openssh on the ACS 1121 appliance? I have checked the bug database and see no current fixes have been published.
    We also use Cisco IPS modules in redundant Cisco 5525X firewalls. These also appear to be vulnerable.
    I would like to know firmware roadmap to fix these vulnerabilities.
    What remediations or workarounds does Cisco recommend in lieu of an openssh upgrade/patch/fix?
    Regards,
    Scott Robertson

    Hi Scott,
    For the ACS, bug CSCuj27463 is filed (and fixed) to address CVE-2010-5107.
    For timelines on releases, please open a TAC case and reference the bugs.
    Sincerely,
    David.

  • I have a Java/CVE-2010-94 virus on my macbook pro. Can Someone help me fix this?

    I used Virus Barrier Express that I downloaded from the App Store and it found a virus named Java/CVE-2010-94. I ran Virus Barrier Express again after I pressed the "fixed it" button; however, I'm not sure if this virus or any other virus is still on my MacBook Pro. Can someone please help me know if I'm safe to use my Mac?
    *The first sign of any type of virus was when I was on a website and my screen froze. I couldn't move anything or press anything. Something popped up and told me to turn off the Mac. I had no choice and I did turn it off. I used my Virus Barrier Express to scan any viruses, but nothing appeared. It only appeared after I downloaded new updates yesterday.
    *I just did some research and it turned out to be a "kernel Panic". http://support.apple.com/kb/TS3742 I haven't encountered another one ever since so does that mean my Mac is safe now?

    Steven --
    Get rid of the VirusBarrier Express.  At this time, there are no Mac viruses.  All you're doing with that thing is slowing down your Mac.  Look in your VBE folder, to see if there's an UNinstaller.  I don't know why Apple is making these things available.  They're garbage, 98% of them.  Two good ones are ClamXav and Sophos.  But still, IMHO, they are unnecessary.
    Kernel Panics, on the other hand, are serious.  If you don't have any more of them, that's good.  If you have any more of them, come back and post your Panic report here. 
    Here's info on this virus, which should affect only PCs.
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0094.AA
    But they have some great advice to avoid malware:
    Take the following steps to help prevent infection on your computer:
    Enable a firewall on your computer.
    Get the latest computer updates for all your installed software.
    Use up-to-date antivirus software.
    Limit user privileges on the computer.
    Use caution when opening attachments and accepting file transfers.
    Use caution when clicking on links to web pages.
    Avoid downloading pirated software.
    Protect yourself against social engineering attacks.
    Use strong passwords.

  • CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118

    I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
    Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
    EDIT:
    2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
    Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.

    Hi,
    Please refer to these links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • Are BlackBerry products affected by Samba vulnerability, CVE-2015-0240?

    Samba versions 3.5.0 to 4.2.0rc4 are now known to have a remote code execution vulnerability, CVE-2015-0240. [1] Are BlackBerry products affected?
    [1] https://www.samba.org/samba/security/CVE-2015-0240

    We have updated the release notes to indicate following-
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (eg- 3.8.x) 
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • Is AsyncOS vulnerable to New Critical GLibc Vulnerability CVE-2015-0235 (aka Ghost)

    Raising for awareness in the community.
    New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
    https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
    Raised a support case and current update is Cisco is investigating if AsyncOS is vulnerable
    Paul

    Currently it is being reviewed and looked into:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=37181
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

  • Glibc GHOST vulnerability # CVE-2015-0235.

    Please suggest patch for glibc GHOST vulnerability # CVE-2015-0235 in Oracle Linux server. Please find below details:
    ./ghost
    Linux JBLDCVSNPRE01 2.6.39-400.214.6.el6uek.x86_64 #1 SMP Thu May 8 03:38:30 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
    Red Hat Enterprise Linux Server release 6.5 (Santiago)
    Installed glibc version(s)
    - glibc-2.12-1.132.el6_5.1.x86_64: vulnerable

    Hi,
    Please refer to these links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • OpenSSL vulnerability CVE-2014-0224

    My customer wants to know whether ASE is affected by the following OpenSSL vulnerability in http://www.openssl.org/news/secadv_20140605.txt
          SSL/TLS MITM vulnerability (CVE-2014-0224),
          DTLS recursion flaw (CVE-2014-0221)
          DTLS invalid fragment vulnerability (CVE-2014-0195)
          SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
          SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
          Anonymous ECDH denial of service (CVE-2014-3470)
    Can you help me to confirm the above question?

    You have clearly double posted this question in two groups.
    So the first question goes back to you.
    Are you Running SAP Applications on ASE, if so this is not the proper group?

  • Oracle Database Control Component Unspecified Vulnerability (CVE-2007-5530)

    Hi experts,
    Recently we are getting some vulnerabilities on one of our servers. But we are unable to download and find patches which were mentioned in that.
    Ex:
    Oracle Database Control Component Unspecified Vulnerability (CVE-2007-5530)
    Oracle Database OLAP Component Unspecified Vulnerability (CVE-2008-3997)
    The entire report is showing these patch names, can you please suggest where I have to download these patches. I searched these in metalink but didn't find anything.
    *These are coming on one of our SAP application. So I am requesting suggestion here.
    Regards
    Nick Loy

    Nick,
    Check below links.
    http://secunia.com/advisories/cve_reference/CVE-2008-3997/
    http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
    http://secunia.com/advisories/cve_reference/CVE-2007-5530/
    http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
    http://www.juniper.net/security/auto/vulnerabilities/vuln26039.html
    Hope this helps you.
    Thanks,
    Sushil

  • Is java vulnerable in safari 5.1? I have a macbook using 10.6.8

    I am worried about the java vulnerability.  I need it to pay bills on my banks website.  is java vulnerable in safari 5.1.  I am using a macbook with os 10.6.8

    The recently discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it, and Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.
    You should disable Java (if not already done) until either the US Department of Homeland Security, or Oracle, declare it safe and Apple restore the facility. Oracle have released an update said to fix the security flaw, available from here:
    http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
    Javascript should not be disabled (it has nothing to do with Java), and is probably what your bank is using.

  • In Office 2011 the function "share it by e-mail" seems to be disabled. that happened recently, just after the apple update regarding Java. Any idea on how enable this function again?

    in Office 2011 the function "share it by e-mail" seems to be disabled. that happened recently, just after the apple update regarding Java. Any idea on how enable this function again?

    I was able to get to a support person who helped me fix this without charge. I guess it was my bad for not trying the right way to access support.
    Anyway, the answer is this.
    I had to create a new account on my computer. When I logged into the new account it immediately wanted an AppleID. I used my daughter's e-mail address for the AppleID. This setup the internet accounts correctly with her iCloud.com e-mail address. I was then able to access e-mail in both the browser and Mail. Not that complicated but nothing that I would have easily thought up on my own.
    Thank Apple Support!

  • Mac OSX 10.9.4 coldfusion 11 standalone server ERROR: HTTP Status 500 - java.lang.NullPointerException

    Hi all.
    I have installed the cold fusion server.
    at first with mac server, apache..... but after install cold fusion and want to go to the admin page:
    HTTP Status 500 - java.lang.NullPointerException
    I deinstalled the server from mac and cold fusion..
    after a fresh install of coldfusion 11 and use the build in server..
    the same error..
    does anybody know the problem?
    I use Java 7 Update 67
    A friend of mine has installed it .. it runs
    greetings thorsten

    Hi this is my cold fusion Error LOG
    java.lang.NullPointerException
      at coldfusion.CfmServlet.init(CfmServlet.java:97)
      at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:121)
      at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:59)
      at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1279)
      at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1192)
      at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:864)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:134)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
    Sep 16, 2014 8:30:59 AM org.apache.catalina.core.ApplicationContext log
    INFO: failed to load: coldfusion.CfmServlet
    Sep 16, 2014 8:30:59 AM org.apache.catalina.core.StandardWrapperValve invoke
    SEVERE: Allocate exception for servlet CfmServlet
    java.lang.NullPointerException
      at coldfusion.CfmServlet.init(CfmServlet.java:97)
      at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:121)
      at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:59)
      at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1279)
      at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1192)
      at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:864)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:134)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)

  • Apache vulnerability CVE-2011-3192

    We have a private itunesu site on a server running Mac OS 10.5.8 with Apache 2.2.17 which is affected by the DoS vulnerability CVE-2011-3192.  I am looking for some feedback from other ItunesU admins who have either applied the suggested rewrite rule or have found another way to remediate the vulnerability.  The following rewrite rule is supposed to be added to the httpd.conf file:
    RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
    RewriteRule .* - [F]
    I have read that some streaming media servers are set up to use ranges, so I'm not real comfortable with implementing this rule without hearing from some others who may have either done it or have another way to address the vulnerability.
    Thank you all for your time!

    For the following PSIRT:
    http://www.cisco.com/en/US/products/csa/cisco-sa-20110830-apache.html
    Download the following patch "lms40-win-Oct2011-su1-0.zip" :
    http://www.cisco.com/cisco/software/release.html?mdfid=283434800&flowid=19062&softwareid=280775103&os=Windows&release=4.0&relind=AVAILABLE&rellifecycle=&reltype=latest
    The instructions should be in the zip file how to install the patch.
    This should cover all these bugs that you can query in the bug tool kit:
    http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    CSCte45565
    CSCto12712
    CSCto23584
    CSCto23622
    CSCto35544
    CSCto35577
    CSCtq48990
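
To see what the rewrite rule quoted in the CVE-2011-3192 post above accepts and refuses, the following added example (not code from the post, from Apache or from Cisco) evaluates its condition over constructed Range header values. The names `is_forbidden`, `many_ranges` and `evaluate` are made up for the illustration, and the pattern is written without whitespace around `|`, since mod_rewrite splits directive arguments on whitespace.

```python
import re

# CondPattern from the RewriteCond above. The directive carries no [NC]
# flag, so the match is case-sensitive, as it is here.
COND_PATTERN = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")


def is_forbidden(range_header):
    """True if the rule would answer 403 Forbidden for this Range value.

    None means the header is absent; %{HTTP:range} then expands to "".
    The leading "!" in the RewriteCond negates the match, so the
    RewriteRule [F] fires only when the pattern does NOT match.
    """
    value = "" if range_header is None else range_header
    return COND_PATTERN.search(value) is None


def many_ranges(n):
    """Constructed Range value holding n one-byte ranges."""
    return "bytes=" + ",".join(f"{i}-{i}" for i in range(n))


# Constructed sample headers (not taken from any real log).
SAMPLES = [
    ("no Range header", None),
    ("single range", "bytes=0-499"),
    ("open-ended seek", "bytes=1048576-"),
    ("five ranges", many_ranges(5)),
    ("six ranges", many_ranges(6)),
    ("two hundred ranges", many_ranges(200)),
    ("empty range in list", "bytes=0-1,,4-5"),
    ("capitalised unit", "Bytes=0-499"),
]


def evaluate(samples=SAMPLES):
    """Map each sample label to 'allow' or '403'."""
    return {label: ("403" if is_forbidden(v) else "allow") for label, v in samples}


if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{verdict:>5}  {label}")
```

With these samples, requests carrying no Range header or up to five ranges pass, while six or more ranges, an empty list element, or a unit not spelled exactly `bytes` are refused.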

  • Please help me :status : failure -java.lang.NullPointerExeption

    yesterday i can connect to db with oracle sql developer,
    but today i can not connect to my db,
    it send following error:
    status : failure -java.lang.NullPointerExeption
    Thanks
    Edited by: user10552477 on Nov 7, 2008 1:25 AM

    Well what have you changed then?
    Do you remember the original settings?
    Why did your friend tell you to change something?
    Were you facing any problem when your friend helped you with these non-working settings?
    Dear Satish Kandi
    I don't know change.
    I have a connection that I connect to my db.
    My friend tell me that maybe miss the java.exe
    I solve my path but don't solve my problem.
    I install oracle 11g in new pc, but it send same error.
