绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

Oracle Java SE和Java for Business远程JAVA运行时环境漏洞

发布日期：2011-02-15
更新日期：2011-02-15

受影响系统：

Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele
Oracle Sun JDK Sun JDK (Linux Production Rele

不受影响系统：

Oracle Sun JRE Sun JRE (Windows Production Re
Oracle Sun JRE Sun JRE (Solaris Production Re
Oracle Sun JRE Sun JRE (Linux Production Rele
Oracle Sun JDK Sun JDK (Windows Production Re
Oracle Sun JDK Sun JDK (Solaris Production Re
Oracle Sun JDK Sun JDK (Linux Production Rele

描述：

BUGTRAQ  ID: 46395,46393,46387,46410,46391,46411,46386,46394,46409,46407,46405,46404,46403,46402,46401,46400,46399,46398,46397
CVE ID: CVE-2010-4467,CVE-2010-4468,CVE-2010-4470,CVE-2010-4475,CVE-2010-4466,CVE-2010-4463,CVE-2010-4462,CVE-2010-4447,CVE-2010-4474,CVE-2010-4451,CVE-2010-4472,CVE-2010-4473,CVE-2010-4422,CVE-2010-4476,CVE-2010-4469,CVE-2010-4471,CVE-2010-4448,CVE-2010-4450

Oracle Java SE是标准版的Java平台是一个Java2的平台，为用户提供一个程序开发环境。这个程序开发环境提供了开发与运行Java软件的编译器等开发工具、软件库及Java虚拟机。它也是Java2平台、企业版本和Java网页服务的基础。Java for Business是一套自定义的Java SE改版，企业可通过它快速访问关键修复，特点是长期支持和企业级定位。

Oracle Java SE和Java for Business在实现上存在远程JAVA运行时环境漏洞，此漏洞可影响“Deployment”子部件，攻击者可利用这些漏洞获取用户的NTLM验证信息，可通过多个协议利用此漏洞。

<*来源：Sami Koivu
        Oracle
  *>

建议：

厂商补丁：

Oracle
------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.oracle.com

浏览次数：3075
严重程度：0（网友投票）

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客