Redhat Enterprise Linux Server Aus vulnerabilities

CVE-2016-6797 [HIGH] CWE-863 CVE-2016-6797: The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0. The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resour

CVE-2016-0762 [MEDIUM] CWE-203 CVE-2016-0762: The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm

CVE-2016-6794 [MEDIUM] CVE-2016-6794: When a SecurityManager is configured, a web application's ability to read system properties should b When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to byp

CVE-2017-10107 [CRITICAL] CVE-2017-10107: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful at

CVE-2017-10087 [CRITICAL] CVE-2017-10087: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Success

CVE-2017-10090 [CRITICAL] CVE-2017-10090: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful att

CVE-2017-10110 [CRITICAL] CVE-2017-10110: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions tha Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the

CVE-2017-10089 [CRITICAL] CVE-2017-10089: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than

CVE-2017-10096 [CRITICAL] CVE-2017-10096: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a

CVE-2017-10102 [CRITICAL] CVE-2017-10102: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the v

CVE-2017-10111 [CRITICAL] CVE-2017-10111: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks requ

CVE-2017-10101 [CRITICAL] CVE-2017-10101: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a

CVE-2017-10078 [HIGH] CVE-2017-10078: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported ve Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or

CVE-2017-10115 [HIGH] CVE-2017-10115: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE

CVE-2017-10116 [HIGH] CVE-2017-10116: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,

CVE-2017-10074 [HIGH] CVE-2017-10074: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful a

CVE-2017-10067 [HIGH] CVE-2017-10067: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported version Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than t

CVE-2017-3636 [MEDIUM] CVE-2017-3636: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Support Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vuln

CVE-2017-10108 [MEDIUM] CVE-2017-10108: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java

CVE-2017-3641 [MEDIUM] CVE-2017-3641: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported v Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulne