Reflected cross-site scripting (XSS) In java-1.6.0-openjdk
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel6 | 1:1.6.0.0-1.54.1.11.6.el6_3 | ||
rpm rhel5 | - | - | |
rpm rhel5 | 1:1.6.0.0-1.33.1.11.6.el5_9 | ||
rpm rhel6 | 1:1.7.0.9-2.3.5.3.el6_3 | ||
rpm rhel5 | 1:1.7.0.9-2.3.5.3.el5_9 |
Aliases