Solutions de vulnérabilité
 |
analyses ajoutés les 7 derniers jours |
| L'analyse périodique de vulnérabilité Nimsoft Cloud Monitor vérifie la vulnérabilité ci-dessous. Pour connaître les solutions de vulnérabilité les plus récemment ajoutées analysées par WatchMouse, rendez-vous sur la vue d'ensemble Solutions de vulnérabilité |
| Catégorie: Red Hat Local Security Checks | Facteur de risque: Medium | Ajouté: 5 mars 2010 |
| Synopsis: The remote host is missing the patch for the advisory RHSA-2010-0130 Description: Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. (CVE-2009-3555) This update disables renegotiation in the Java Secure Socket Extension (JSSE) component. Unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details: http://kbase.redhat.com/faq/docs/DOC-20491 All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR11-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect. See also: http://rhn.redhat.com/errata/RHSA-2010-0130.html Solution: Get the newest RedHat Updates. Risk factor: Medium / CVSS Base Score : 6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P) |
||
