Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)

Summary
Sun Java JDK/JRE is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows a remote attacker to execute arbitrary code, gain escalated privileges, bypass security restrictions, and cause a denial of service within the context of the affected system. Impact Level: System/Application.
Solution
Upgrade to JDK/JRE version 6 Update 17 or later, http://java.sun.com/javase/downloads/index.jsp
OR
Upgrade to JDK/JRE version 5 Update 22, http://java.sun.com/javase/downloads/index_jdk5.jsp
OR
Upgrade to JDK/JRE version 1.4.2_24, http://java.sun.com/j2se/1.4.2/download.html
OR
Upgrade to JDK/JRE version 1.3.1_27, http://java.sun.com/j2se/1.3/download.html
Insight
Multiple flaws occur due to:
- Error when decoding 'DER' encoded data and parsing HTTP headers.
- Error when verifying 'HMAC' digests.
- Integer overflow error in the 'JPEG JFIF' Decoder while processing malicious image files.
- A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()' functions in the Abstract Window Toolkit (AWT).
- Unspecified error due to improper parsing of color profiles of images.
- A buffer overflow error due to improper implementation of the 'HsbParser.getSoundBank()' function.
- Three unspecified errors when processing audio or image files.
Affected
The following versions on Linux are affected:
- Sun Java JDK/JRE 6 prior to 6 Update 17
- Sun Java JDK/JRE 5 prior to 5 Update 22
- Sun Java JDK/JRE 1.4.x prior to 1.4.2_24
- Sun Java JDK/JRE 1.3.x prior to 1.3.1_27