Docker azul/zulu-openjdk-debian:6u73-6.10.0.3

Vulnerabilities

6 via 6 paths

Dependencies

100

Source

Docker

Target OS

debian:7
Severity
  • 2 high
  • 3 medium
  • 1 low

high severity

CVE-2011-3548

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to CVE-2011-3548. It allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.

Remediation

Upgrade openjdk-jre to version 7.0.1 or higher.


high severity

Sandbox Bypass

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Sandbox Bypass. A flaw was found in the way the HotSpot component of OpenJDK performed range check elimination. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Remediation

Upgrade openjdk-jre to version 8.0.301, 11.0.12, 16.0.2 or higher.


medium severity

CVE-2014-2422

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to CVE-2014-2422. It allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Remediation

Upgrade openjdk-jre to version 7.0.55, 8.0.5 or higher.


medium severity

Improper Validation

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Improper Validation. A flaw was found in the way the FtpClient implementation in the Networking component of OpenJDK handled responses to the FTP PASV command. A malicious FTP server could place an arbitrary address in its PASV reply and cause a Java application using FtpClient to open its data connection to a host and port of the server's choosing, including ones that are reachable from the client but not from the FTP server itself, and so use the client for port scanning or banner extraction.
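The following is an added example, not code from this page or from OpenJDK, that shows the two behaviours side by side: a PASV reply parser, a pre-fix endpoint selection that trusts whatever address the server advertises, and a hardened selection that keeps the advertised port but reuses the control connection's peer address. The `trust_pasv_address` opt-in flag, the sample addresses and the replies are constructed for illustration.

```python
import re

# Shape of a successful PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(
    r"\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)"
)


def parse_pasv(reply: str) -> tuple[str, int]:
    """Extract (host, port) from a 227 reply, rejecting malformed octets and port 0."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV success reply: {reply!r}")
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"no (h1,h2,h3,h4,p1,p2) tuple in reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"octet out of range in reply: {reply!r}")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return host, port


def data_endpoint_vulnerable(control_host: str, reply: str) -> tuple[str, int]:
    """Pre-fix behaviour: connect to whatever address the server advertised."""
    return parse_pasv(reply)


def data_endpoint_hardened(control_host: str, reply: str,
                           trust_pasv_address: bool = False) -> tuple[str, int]:
    """Hardened behaviour: take the advertised port but connect to the control
    connection's peer address, unless the caller explicitly opts in to trusting
    the advertised address (hypothetical flag, named here for illustration)."""
    host, port = parse_pasv(reply)
    if host != control_host and not trust_pasv_address:
        return control_host, port
    return host, port


# Constructed sample exchange: the FTP server is 203.0.113.5 and tries to bounce the
# client's data connection onto an internal SSH port the server itself cannot reach.
CONTROL_HOST = "203.0.113.5"
MALICIOUS_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)"
HONEST_REPLY = "227 Entering Passive Mode (203,0,113,5,19,137)"

if __name__ == "__main__":
    print("vulnerable:", data_endpoint_vulnerable(CONTROL_HOST, MALICIOUS_REPLY))
    print("hardened:  ", data_endpoint_hardened(CONTROL_HOST, MALICIOUS_REPLY))
```

With the malicious reply the vulnerable selection yields `('10.0.0.5', 22)`, a host the client is now scanning on the server's behalf; the hardened selection yields `('203.0.113.5', 22)`, so a misbehaving server can only redirect the client back to itself.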

Remediation

Upgrade openjdk-jre to version 7.0.311, 8.0.301, 11.0.12, 16.0.2 or higher.


medium severity

Signature Validation Bypass

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Signature Validation Bypass. A flaw was found in the way the Library component of OpenJDK handled JAR files containing multiple MANIFEST.MF files. Such JAR files could cause the signature verification process to return an incorrect result, so that modifications to a signed JAR file could pass verification undetected.
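As an added example (not code from this page or from OpenJDK), the block below builds an in-memory JAR that carries two `META-INF/MANIFEST.MF` entries and shows why that is dangerous: a by-name lookup resolves to the last entry while an enumeration of the central directory sees both, so a verifier and a loader can disagree about which manifest is "the" manifest. The `manifest_is_ambiguous` check rejects such archives before any signature is examined. The manifest bodies and class bytes are constructed samples.

```python
import io
import warnings
import zipfile
from collections import Counter

MANIFEST = "META-INF/MANIFEST.MF"

# Constructed sample manifests: the first is the one a signer would have covered,
# the second is a tampered copy an attacker appends with a different digest.
SIGNED_MANIFEST = "Manifest-Version: 1.0\n\nName: Hello.class\nSHA-256-Digest: AAAA\n\n"
TAMPERED_MANIFEST = "Manifest-Version: 1.0\n\nName: Hello.class\nSHA-256-Digest: BBBB\n\n"


def build_jar(duplicate_manifest: bool) -> bytes:
    """Build an in-memory JAR; with duplicate_manifest=True it carries two MANIFEST.MF entries."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns about duplicate names but still writes a second entry,
        # which is exactly the archive shape the flaw is about.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(MANIFEST, SIGNED_MANIFEST)
            z.writestr("Hello.class", b"\xca\xfe\xba\xbe")  # placeholder class bytes
            if duplicate_manifest:
                z.writestr(MANIFEST, TAMPERED_MANIFEST)
    return buf.getvalue()


def duplicate_entries(jar_bytes: bytes) -> dict[str, int]:
    """Names that occur more than once in the central directory, with their counts."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as z:
        counts = Counter(info.filename for info in z.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def all_manifests(jar_bytes: bytes) -> list[str]:
    """Every MANIFEST.MF body in central-directory order; reading by ZipInfo keeps duplicates apart."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as z:
        return [z.read(info).decode() for info in z.infolist() if info.filename == MANIFEST]


def naive_manifest(jar_bytes: bytes) -> str:
    """What a by-name lookup returns: zipfile maps a duplicated name to the last entry."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as z:
        return z.read(MANIFEST).decode()


def manifest_is_ambiguous(jar_bytes: bytes) -> bool:
    """Reject-before-verify check: a JAR with more than one MANIFEST.MF must not be trusted."""
    return MANIFEST in duplicate_entries(jar_bytes)


if __name__ == "__main__":
    jar = build_jar(duplicate_manifest=True)
    print("duplicates:", duplicate_entries(jar))
    print("by-name lookup sees digest:", naive_manifest(jar).split("SHA-256-Digest: ")[1][:4])
    print("ambiguous:", manifest_is_ambiguous(jar))
```

The same enumeration-based check is worth applying to any other entry that influences trust decisions (signature files under `META-INF/`, for instance), since the underlying problem is any consumer that resolves a name without noticing the archive defines it twice.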

Remediation

Upgrade openjdk-jre to version 7.0.311, 8.0.301, 11.0.12, 16.0.2 or higher.


low severity

Timing Attack

  • Vulnerable module: openjdk-jre
  • Introduced through: openjdk-jre@1.6.0-73-b73

Detailed paths

  • Introduced through: docker-image|azul/zulu-openjdk-debian@6u73-6.10.0.3 openjdk-jre@1.6.0-73-b73

Overview

openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).

Affected versions of this package are vulnerable to Timing Attack. Implementations of ECDSA/EdDSA that leak the bit-length of the scalar during scalar multiplication on an elliptic curve are open to a timing attack that allows practical recovery of the long-term private key. The leakage looks minuscule, since the bit-length carries only a small amount of information about the scalar. In ECDSA/EdDSA signature generation, however, the scalar is the per-signature random nonce, and the leaked bit-length of the nonce is enough to recover the private key after observing a few hundred to a few thousand signatures on known messages, by applying lattice techniques.
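The block below is an added illustration of the leak itself, not code from this page or from OpenJDK, and it does not carry out the lattice step. It runs scalar multiplication on a deliberately tiny, constructed curve two ways: a double-and-add loop driven by the scalar's binary string, whose iteration count equals the scalar's bit-length (the quantity an attacker can observe through timing), and a Montgomery ladder over a fixed width, whose iteration count is independent of the scalar. `short_nonces` is the attacker-side filter that keeps only the signatures whose nonce the leak shows to be short; those are the samples a lattice attack consumes. The curve parameters, base point and 8-bit width are constructed for illustration only.

```python
# Toy curve y^2 = x^3 + A*x + B over F_P, constructed small so the arithmetic is checkable.
# These sizes are nothing like a real curve; only the control flow matters here.
P, A, B = 97, 2, 3
G = (3, 6)      # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97), so G lies on the curve
WIDTH = 8       # fixed scalar width the constant-iteration ladder always walks


def _inv(x: int) -> int:
    return pow(x % P, -1, P)


def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # q == -p (covers doubling a 2-torsion point)
    if p == q:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P    # tangent slope
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul_variable_time(k: int, p):
    """Left-to-right double-and-add driven by bin(k): one iteration per significant bit.
    Returns (k*p, iterations). iterations == k.bit_length(), which is the leak."""
    r, steps = None, 0
    for bit in (bin(k)[2:] if k else ""):
        r = add(r, r)
        steps += 1
        if bit == "1":
            r = add(r, p)
    return r, steps


def mul_ladder(k: int, p, width: int = WIDTH):
    """Montgomery ladder over a fixed width (requires k < 2**width): always `width` iterations.
    The iteration count no longer depends on k; a real implementation must also make the
    data-dependent swap below constant-time, which this toy does not attempt."""
    r0, r1, steps = None, p, 0
    for i in range(width - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        steps += 1
    return r0, steps


def short_nonces(nonces, width: int = WIDTH, leading_zero_bits: int = 3):
    """Attacker's filter: indices of signatures whose leaked nonce bit-length shows that at
    least `leading_zero_bits` top bits are zero. Roughly one nonce in 2**leading_zero_bits
    qualifies, which is why a few hundred to a few thousand signatures suffice."""
    return [i for i, k in enumerate(nonces) if k.bit_length() <= width - leading_zero_bits]


if __name__ == "__main__":
    for k in (1, 37, 255):
        _, leaky = mul_variable_time(k, G)
        _, fixed = mul_ladder(k, G)
        print(f"k={k:3d} bit_length={k.bit_length()} variable-time iterations={leaky} ladder iterations={fixed}")
```

Both multiplications return identical points for every scalar, so the only difference is how much the loop count says about the scalar: the first reveals `k.bit_length()` outright, the second reveals nothing, which is the property the fixed versions of the JRE restore.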

Remediation

Upgrade openjdk-jre to version 8.0.232, 11.0.5 or higher.
