Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2011-9541.NASL
HistoryJul 25, 2011 - 12:00 a.m.

Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)

2011-07-2500:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

This security fix that addresses the following issues :

  • RH718164: Home directory path disclosure to untrusted applications

    • RH718170: Java Web Start security warning dialog manipulation

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-9541.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55663);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-2513", "CVE-2011-2514");
  script_bugtraq_id(48829);
  script_xref(name:"FEDORA", value:"2011-9541");

  script_name(english:"Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security fix that addresses the following issues :

  - RH718164: Home directory path disclosure to untrusted
    applications

    - RH718170: Java Web Start security warning dialog
      manipulation

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=718164"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=718170"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b664113b"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected icedtea-web package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:icedtea-web");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC15", reference:"icedtea-web-1.0.4-1.fc15")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-web");
}
VendorProductVersionCPE
fedoraprojectfedoraicedtea-webp-cpe:/a:fedoraproject:fedora:icedtea-web
fedoraprojectfedora15cpe:/o:fedoraproject:fedora:15

Related

oraclelinux 1
redhat 1
nessus 7
openvas 11
fedora 3
ubuntu 1
veracode 2
ubuntucve 2
prion 2
cvelist 2
debiancve 2
cve 2
nvd 2
oraclelinux
oraclelinux
icedtea-web security update
2011-07-27 00:00:00
redhat
redhat
(RHSA-2011:1100) Moderate: icedtea-web security update
2011-07-27 00:00:00
nessus
nessus
Oracle Linux 6 : icedtea-web (ELSA-2011-1100)
2013-07-12 00:00:00
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1178-1)
2011-07-28 00:00:00
openvas
openvas
Ubuntu Update for icedtea-web USN-1178-1
2011-08-02 00:00:00
Fedora Update for icedtea-web FEDORA-2011-9541
2011-07-27 00:00:00
Ubuntu: Security Advisory (USN-1178-1)
2011-08-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: icedtea-web-1.0.4-1.fc15
2011-07-22 19:33:36
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14
2011-08-02 01:56:23
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-55.1.9.10.fc14
2011-10-20 09:53:34
ubuntu
ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-07-27 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:24
Information Disclosure
2020-04-10 01:01:24
ubuntucve
ubuntucve
CVE-2011-2514
2011-07-20 00:00:00
CVE-2011-2513
2011-07-20 00:00:00
prion
prion
Design/Logic Flaw
2014-05-14 00:55:00
Design/Logic Flaw
2014-05-14 00:55:00
cvelist
cvelist
CVE-2011-2514
2014-05-14 00:00:00
CVE-2011-2513
2014-05-14 00:00:00
debiancve
debiancve
CVE-2011-2514
2014-05-14 00:55:04
CVE-2011-2513
2014-05-14 00:55:04
cve
cve
CVE-2011-2514
2014-05-14 00:55:04
CVE-2011-2513
2014-05-14 00:55:04
nvd
nvd
CVE-2011-2514
2014-05-14 00:55:04
CVE-2011-2513
2014-05-14 00:55:04

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for FEDORA_2011-9541.NASL
oraclelinux1redhat1nessus7openvas11fedora3ubuntu1veracode2ubuntucve2prion2cvelist2debiancve2cve2nvd2