Lucene search
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.FEDORA_2012-14370.NASLHistorySep 26, 2012 - 12:00 a.m.
Fedora 18 : icedtea-web-1.3-1.fc18 (2012-14370)
2012-09-2600:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
10
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.109 Low
EPSS
Percentile
95.1%
This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla, it fixes rhbz#720836. Additionally, it provides numerous other bug fixes and enhancements, many of which are listed here :
https://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/
-
Updated to 1.2.1
-
Resolves: RH840592/CVE-2012-3422
-
Resolves: RH841345/CVE-2012-3423
-
Updated to 1.2.1
-
Resolves: RH840592/CVE-2012-3422
-
Resolves: RH841345/CVE-2012-3423
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-14370.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(62296);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-3422", "CVE-2012-3423");
script_bugtraq_id(54762);
script_xref(name:"FEDORA", value:"2012-14370");
script_name(english:"Fedora 18 : icedtea-web-1.3-1.fc18 (2012-14370)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla,
it fixes rhbz#720836. Additionally, it provides numerous other bug
fixes and enhancements, many of which are listed here :
https://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/
- Updated to 1.2.1
- Resolves: RH840592/CVE-2012-3422
- Resolves: RH841345/CVE-2012-3423
- Updated to 1.2.1
- Resolves: RH840592/CVE-2012-3422
- Resolves: RH841345/CVE-2012-3423
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=840592"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=841345"
);
script_set_attribute(
attribute:"see_also",
value:"https://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088090.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f111f589"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected icedtea-web package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:icedtea-web");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
script_set_attribute(attribute:"patch_publication_date", value:"2012/09/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC18", reference:"icedtea-web-1.3-1.fc18")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-web");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | icedtea-web | p-cpe:/a:fedoraproject:fedora:icedtea-web |
| fedoraproject | fedora | 18 | cpe:/o:fedoraproject:fedora:18 |
Related
nessus
nessus
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : icedtea-web vulnerabilities (USN-1521-1)
2012-08-01 00:00:00
openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0982-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : icedtea-web (MDVSA-2012:122)
2012-09-06 00:00:00
openvas
openvas
RedHat Update for icedtea-web RHSA-2012:1132-01
2012-08-03 00:00:00
Fedora Update for icedtea-web FEDORA-2012-14316
2012-09-22 00:00:00
Fedora Update for icedtea-web FEDORA-2012-14316
2012-09-22 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: icedtea-web-1.3-1.fc18
2012-09-25 06:19:09
[SECURITY] Fedora 17 Update: icedtea-web-1.3-1.fc17
2012-09-21 23:53:11
[SECURITY] Fedora 16 Update: icedtea-web-1.3-2.fc16
2012-09-21 23:56:26
suse
suse
update for icedtea-web (important)
2012-08-13 09:08:35
Security update for icedtea-web (important)
2012-08-09 20:08:29
icedtea-web: Update to 1.2.1 (bnc#) (important)
2012-08-10 21:08:31
ubuntu
ubuntu
IcedTea-Web vulnerabilities
2012-07-31 00:00:00
freebsd
freebsd
Several vulnerabilities found in IcedTea-Web
2012-07-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:39
Denial Of Service (Dos)
2019-01-15 08:55:12
centos
centos
icedtea security update
2012-07-31 23:18:48
oraclelinux
oraclelinux
icedtea-web security update
2012-07-31 00:00:00
redhat
redhat
(RHSA-2012:1132) Important: icedtea-web security update
2012-07-31 00:00:00
cvelist
cvelist
CVE-2012-3423
2012-08-07 21:00:00
CVE-2012-3422
2012-08-07 21:00:00
cve
cve
CVE-2012-3423
2012-08-07 21:55:01
CVE-2012-3422
2012-08-07 21:55:01
ubuntucve
ubuntucve
CVE-2012-3423
2012-07-31 00:00:00
CVE-2012-3422
2012-07-31 00:00:00
nvd
nvd
CVE-2012-3423
2012-08-07 21:55:01
CVE-2012-3422
2012-08-07 21:55:01
debiancve
debiancve
CVE-2012-3423
2012-08-07 21:55:01
CVE-2012-3422
2012-08-07 21:55:01
prion
prion
Code injection
2012-08-07 21:55:00
Memory corruption
2012-08-07 21:55:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.109 Low
EPSS
Percentile
95.1%
Related for FEDORA_2012-14370.NASL