Java Multiple Vulnerabilities

godchild_ii · ‎01-22-2009

Dear all,

I just received a warning on java vulnerabilities, CVE-2008-3339. The suggestion is to upgrade the java to 5.0 update 17.

However currently the latest java in hpux is 1.5.0.14, which includes sun java 1.5.0.16FCS.

Is it true that hpux java 1.5.0.14 can't fixes the vulnerabilities? And if it can't, when will the later version of java release to fix it?

Thanks and regards,
Godchild.

VK2COT · ‎01-22-2009

Hello,

Are you sure you got the correct CVE.

CVE-20098-3339 actually talks about:

QUOTE
search_result.cfm in Jobbex JobSite allows
remote attackers to obtain sensitive
information via unspecified vectors that
reveal the installation path in an error
message.

It contains flaws that allow remote SQL
injection attacks and cross site scripting.

SQLi occurs where the "jobstateid" and
"jobcountryid" don't properly sanitize input
submitted to the search_result.cfm script.
This may allow an attacker to inject or manipulate SQL queries in the backend database.
END QUOTE

Could you please share the document where you
found reference to Java to 5.0 update 17
on HP-UX?

The latest Java JDK/JRE at HP is
version 6.0.2.

Cheers,

VK2COT

VK2COT - Dusan Baljevic

godchild_ii · ‎01-22-2009

Hello VK2COT,

Thank for your reply.

Sorry for refering wrong ID.

The vulnerabilities I am checking is VUPEN/ADV-2008-3339

http://www.vupen.com/english/advisories/2008/3339

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Java Multiple Vulnerabilities

Java Multiple Vulnerabilities

Re: Java Multiple Vulnerabilities

Re: Java Multiple Vulnerabilities