Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1421.NASL
HistoryMay 07, 2020 - 12:00 a.m.

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)

2020-05-0700:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
75
JSON

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2755)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2830)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
(CVE-2020-2803)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2754)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2781)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:
8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note:
This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757)

A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types.
This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2020-2805)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1421.
#

include('compat.inc');

if (description)
{
  script_id(136364);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/13");

  script_cve_id(
    "CVE-2020-2754",
    "CVE-2020-2755",
    "CVE-2020-2756",
    "CVE-2020-2757",
    "CVE-2020-2773",
    "CVE-2020-2781",
    "CVE-2020-2800",
    "CVE-2020-2803",
    "CVE-2020-2805",
    "CVE-2020-2830"
  );
  script_xref(name:"ALAS", value:"2020-1421");

  script_name(english:"Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Serialization). Supported versions that are affected
are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial
DOS) of Java SE, Java SE Embedded. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through
sandboxed Java Web Start applications and sandboxed Java applets. It
can also be exploited by supplying data to APIs in the specified
Component without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service. CVSS 3.0 Base
Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Scripting). Supported versions that are affected are
Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Java SE,
Java SE Embedded. Note: Applies to client and server deployment of
Java. This vulnerability can be exploited through sandboxed Java Web
Start applications and sandboxed Java applets. It can also be
exploited by supplying data to APIs in the specified Component without
using sandboxed Java Web Start applications or sandboxed Java applets,
such as through a web service. CVSS 3.0 Base Score 3.7 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2755)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Concurrency). Supported versions that are affected are
Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily
exploitable vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Java SE,
Java SE Embedded. Note: Applies to client and server deployment of
Java. This vulnerability can be exploited through sandboxed Java Web
Start applications and sandboxed Java applets. It can also be
exploited by supplying data to APIs in the specified Component without
using sandboxed Java Web Start applications or sandboxed Java applets,
such as through a web service. CVSS 3.0 Base Score 5.3 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2830)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Libraries). Supported versions that are affected are
Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks require human interaction from a
person other than the attacker and while the vulnerability is in Java
SE, Java SE Embedded, attacks may significantly impact additional
products. Successful attacks of this vulnerability can result in
takeover of Java SE, Java SE Embedded. Note: This vulnerability
applies to Java deployments, typically in clients running sandboxed
Java Web Start applications or sandboxed Java applets, that load and
run untrusted code (e.g., code that comes from the internet) and rely
on the Java sandbox for security. This vulnerability does not apply to
Java deployments, typically in servers, that load and run only trusted
code (e.g., code installed by an administrator). CVSS 3.0 Base Score
8.3 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
(CVE-2020-2803)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Scripting). Supported versions that are affected are
Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to
exploit vulnerability allows unauthenticated attacker with network
access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a partial denial of service (partial DOS) of Java SE,
Java SE Embedded. Note: Applies to client and server deployment of
Java. This vulnerability can be exploited through sandboxed Java Web
Start applications and sandboxed Java applets. It can also be
exploited by supplying data to APIs in the specified Component without
using sandboxed Java Web Start applications or sandboxed Java applets,
such as through a web service. CVSS 3.0 Base Score 3.7 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2754)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: JSSE). Supported versions that are affected are Java
SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily
exploitable vulnerability allows unauthenticated attacker with network
access via HTTPS to compromise Java SE, Java SE Embedded. Successful
attacks of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, Java SE
Embedded. Note: Applies to client and server deployment of Java. This
vulnerability can be exploited through sandboxed Java Web Start
applications and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component without using
sandboxed Java Web Start applications or sandboxed Java applets, such
as through a web service. CVSS 3.0 Base Score 5.3 (Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
(CVE-2020-2781)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Lightweight HTTP Server). Supported versions that are
affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:
8u241. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Java
SE, Java SE Embedded. Successful attacks of this vulnerability can
result in unauthorized update, insert or delete access to some of Java
SE, Java SE Embedded accessible data as well as unauthorized read
access to a subset of Java SE, Java SE Embedded accessible data. Note:
This vulnerability can only be exploited by supplying data to APIs in
the specified Component without using Untrusted Java Web Start
applications or Untrusted Java applets, such as through a web service.
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Security). Supported versions that are affected are
Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial
DOS) of Java SE, Java SE Embedded. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through
sandboxed Java Web Start applications and sandboxed Java applets. It
can also be exploited by supplying data to APIs in the specified
Component without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service. CVSS 3.0 Base
Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Serialization). Supported versions that are affected
are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial
DOS) of Java SE, Java SE Embedded. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through
sandboxed Java Web Start applications and sandboxed Java applets. It
can also be exploited by supplying data to APIs in the specified
Component without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service. CVSS 3.0 Base
Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java
SE (component: Serialization). Supported versions that are affected
are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.
Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise Java SE, Java
SE Embedded. Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of service (partial
DOS) of Java SE, Java SE Embedded. Note: Applies to client and server
deployment of Java. This vulnerability can be exploited through
sandboxed Java Web Start applications and sandboxed Java applets. It
can also be exploited by supplying data to APIs in the specified
Component without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service. CVSS 3.0 Base
Score 3.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757)

A flaw was found in the way the readObject() method of the MethodType
class in the Libraries component of OpenJDK checked argument types.
This flaw allows an untrusted Java application or applet to bypass
Java sandbox restrictions. (CVE-2020-2805)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1421.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update java-1.8.0-openjdk' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-2805");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-accessibility-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-demo-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-headless-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-src-1.8.0.252.b09-2.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc");
}
VendorProductVersionCPE
amazonlinuxjava-1.8.0-openjdkp-cpe:/a:amazon:linux:java-1.8.0-openjdk
amazonlinuxjava-1.8.0-openjdk-accessibilityp-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility
amazonlinuxjava-1.8.0-openjdk-accessibility-debugp-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug
amazonlinuxjava-1.8.0-openjdk-debugp-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug
amazonlinuxjava-1.8.0-openjdk-debuginfop-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo
amazonlinuxjava-1.8.0-openjdk-demop-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo
amazonlinuxjava-1.8.0-openjdk-demo-debugp-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug
amazonlinuxjava-1.8.0-openjdk-develp-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel
amazonlinuxjava-1.8.0-openjdk-devel-debugp-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug
amazonlinuxjava-1.8.0-openjdk-headlessp-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless
Rows per page:
1-10 of 181

Related

oraclelinux 7
nessus 64
openvas 31
centos 5
ibm 55
suse 3
osv 3
redhat 16
amazon 5
mageia 1
debian 3
fedora 3
gentoo 1
aix 1
ubuntu 1
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-21 00:00:00
nessus
nessus
RHEL 7 : java-1.8.0-openjdk (RHSA-2020:1512)
2020-04-21 00:00:00
IBM Java 7.0 < 7.0.10.65 / 7.1 < 7.1.4.65 / 8.0 < 8.0.6.25 Multiple Vulnerabilities
2022-04-29 00:00:00
Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-1515)
2020-04-24 00:00:00
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-5386fe3bbb)
2020-05-11 00:00:00
Mageia: Security Advisory (MGASA-2020-0182)
2022-01-28 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-a60ad9d4ec)
2020-05-29 00:00:00
centos
centos
java security update
2020-04-30 19:53:37
java security update
2020-04-28 00:26:13
java security update
2020-04-28 00:24:04
ibm
ibm
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
2021-02-01 09:03:14
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
2020-07-10 07:26:57
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 affects Liberty for Java for IBM Cloud
2022-10-07 16:01:56
suse
suse
Security update for java-1_8_0-openj9 (important)
2020-06-24 00:00:00
Security update for java-1_8_0-openjdk (important)
2020-06-13 00:00:00
Security update for java-11-openjdk (important)
2020-06-02 00:00:00
osv
osv
openjdk-8 - security update
2020-04-28 00:00:00
openjdk-7 - security update
2020-04-28 00:00:00
openjdk-11 - security update
2020-04-24 00:00:00
redhat
redhat
(RHSA-2020:1516) Important: java-1.8.0-openjdk security update
2020-04-22 08:56:47
(RHSA-2020:1512) Important: java-1.8.0-openjdk security update
2020-04-21 09:11:34
(RHSA-2020:1506) Important: java-1.8.0-openjdk security update
2020-04-21 09:12:34
amazon
amazon
Important: java-1.8.0-openjdk
2020-05-05 01:18:00
Important: java-1.8.0-openjdk
2023-08-21 12:14:00
Important: java-1.7.0-openjdk
2020-05-08 20:10:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-04-24 20:03:35
debian
debian
[SECURITY] [DSA 4668-1] openjdk-8 security update
2020-04-28 19:35:17
[SECURITY] [DLA 2193-1] openjdk-7 security update
2020-04-29 00:48:53
[SECURITY] [DSA 4662-1] openjdk-11 security update
2020-04-24 12:55:19
fedora
fedora
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc31
2020-05-18 03:23:13
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc32
2020-05-07 03:11:08
[SECURITY] Fedora 30 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc30
2020-05-13 03:36:38
gentoo
gentoo
OpenJDK, IcedTea: Multiple vulnerabilities
2020-06-15 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2020-07-31 09:56:48
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-04-22 00:00:00
JSON
Related for AL2_ALAS-2020-1421.NASL
oraclelinux7nessus64openvas31centos5ibm55suse3osv3redhat16amazon5mageia1debian3fedora3gentoo1aix1ubuntu1