ID: GENTOO_GLSA-201401-30.NASL
Type: nessus
Reporter: Tenable
Modified: 2018-01-03T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact :
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201401-30.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(72139);
script_version("$Revision: 1.15 $");
script_cvs_date("$Date: 2018/01/03 14:35:37 $");
script_cve_id("CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0504", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507", "CVE-2012-0547", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1711", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1723", "CVE-2012-1724", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3136", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3174", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4416", "CVE-2012-4681", "CVE-2012-5067", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5088", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0402", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0422", "CVE-2013-0423", "CVE-2013-0430", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0448", "CVE-2013-0449", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1479", "CVE-2013-1481", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1488", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1558", "CVE-2013-1561", "CVE-2013-1563", "CVE-2013-1564", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2400", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2414", "CVE-2013-2415", "CVE-2013-2416", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2423", "CVE-2013-2424", "CVE-2013-2425", "CVE-2013-2426", 
"CVE-2013-2427", "CVE-2013-2428", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2434", "CVE-2013-2435", "CVE-2013-2436", "CVE-2013-2437", "CVE-2013-2438", "CVE-2013-2439", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2462", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2467", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743", "CVE-2013-3744", "CVE-2013-3829", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5775", "CVE-2013-5776", "CVE-2013-5777", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5805", "CVE-2013-5806", "CVE-2013-5809", "CVE-2013-5810", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5844", "CVE-2013-5846", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5870", "CVE-2013-5878", "CVE-2013-5887", "CVE-2013-5888", "CVE-2013-5889", "CVE-2013-5893", "CVE-2013-5895", "CVE-2013-5896", "CVE-2013-5898", "CVE-2013-5899", "CVE-2013-5902", "CVE-2013-5904", "CVE-2013-5905", "CVE-2013-5906", "CVE-2013-5907", "CVE-2013-5910", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0375", 
"CVE-2014-0376", "CVE-2014-0382", "CVE-2014-0385", "CVE-2014-0387", "CVE-2014-0403", "CVE-2014-0408", "CVE-2014-0410", "CVE-2014-0411", "CVE-2014-0415", "CVE-2014-0416", "CVE-2014-0417", "CVE-2014-0418", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0424", "CVE-2014-0428");
script_bugtraq_id(51194, 52009, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52161, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53958, 53959, 53960, 55213, 55336, 55337, 55339, 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56067, 56070, 56071, 56072, 56075, 56076, 56079, 56080, 56081, 56082, 56083, 57246, 57312, 57681, 57689, 57697, 57699, 57700, 57704, 57706, 57708, 57714, 57716, 57717, 57718, 57720, 57722, 57723, 57728, 57731, 57778, 58027, 58028, 58029, 58031, 58238, 58296, 58397, 58493, 58504, 58507, 59088, 59089, 59124, 59128, 59131, 59137, 59141, 59145, 59149, 59153, 59154, 59159, 59162, 59165, 59166, 59167, 59170, 59172, 59175, 59178, 59179, 59184, 59185, 59187, 59190, 59191, 59194, 59195, 59203, 59206, 59208, 59212, 59213, 59219, 59220, 59228, 59234, 59243, 60617, 60618, 60619, 60620, 60621, 60622, 60623, 60624, 60625, 60626, 60627, 60629, 60630, 60631, 60632, 60633, 60634, 60635, 60636, 60637, 60638, 60639, 60640, 60641, 60643, 60644, 60645, 60646, 60647, 60649, 60650, 60651, 60652, 60653, 60654, 60655, 60656, 60657, 60658, 60659, 63079, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63112, 63115, 63118, 63120, 63121, 63122, 63124, 63126, 63127, 63128, 63129, 63130, 63131, 63132, 63133, 63134, 63135, 63136, 63137, 63139, 63140, 63141, 63142, 63143, 63144, 63145, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158, 64863, 64875, 64882, 64890, 64894, 64899, 64901, 64903, 64906, 64907, 64910, 64912, 64914, 64915, 64916, 64917, 64918, 64919, 64920, 64921, 64922, 64923, 64925, 64926, 64927, 64928, 64929, 64930, 64931, 64932, 64933, 64934, 64935, 64936, 64937);
script_xref(name:"GLSA", value:"201401-30");
script_name(english:"GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201401-30
(Oracle JRE/JDK: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Impact :
An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201401-30"
);
script_set_attribute(
attribute:"solution",
value:
"All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=dev-java/oracle-jdk-bin-1.7.0.51'
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=dev-java/oracle-jre-bin-1.7.0.51'
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-emulation/emul-linux-x86-java-1.7.0.51'
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg. the
IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java implementation,
the packages can no longer be updated automatically."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2014/01/27");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# This is a local check: it needs an authenticated scan of a Gentoo host
# whose installed-package list has already been collected into the KB.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

# The Sun 1.6 packages (sun-jre-bin, sun-jdk) have an empty "unaffected" list:
# no fixed version exists, so every release up to 1.6.0.45 is flagged.
# The Oracle 1.7 packages and the 32-bit emulation package are fixed in 1.7.0.51.
if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list(), vulnerable:make_list("le 1.6.0.45"))) flag++;
if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;
if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list(), vulnerable:make_list("le 1.6.0.45"))) flag++;
if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;
if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.7.0.51"), vulnerable:make_list("lt 1.7.0.51"))) flag++;

if (flag)
{
  # At least one vulnerable package version is installed: report it.
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing flagged: distinguish "installed but not affected" from "not installed".
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK");
}
(report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:37", "bulletinFamily": "scanner", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 51, 6 Update 71, or 5 Update 61. It is, therefore, potentially affected by security issues in the following components :\n\n - 2D\n - Beans\n - CORBA\n - Deployment\n - Hotspot\n - Install\n - JAAS\n - JavaFX\n - JAXP\n - JNDI\n - JSSE\n - Libraries\n - Networking\n - Security\n - Serviceability", "modified": "2018-11-15T00:00:00", "id": "ORACLE_JAVA_CPU_JAN_2014_UNIX.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71967", "published": "2014-01-15T00:00:00", "title": "Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71967);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2013-5870\",\n \"CVE-2013-5878\",\n \"CVE-2013-5884\",\n \"CVE-2013-5887\",\n \"CVE-2013-5888\",\n \"CVE-2013-5889\",\n \"CVE-2013-5893\",\n \"CVE-2013-5895\",\n \"CVE-2013-5896\",\n \"CVE-2013-5898\",\n \"CVE-2013-5899\",\n 
\"CVE-2013-5902\",\n \"CVE-2013-5904\",\n \"CVE-2013-5905\",\n \"CVE-2013-5906\",\n \"CVE-2013-5907\",\n \"CVE-2013-5910\",\n \"CVE-2014-0368\",\n \"CVE-2014-0373\",\n \"CVE-2014-0375\",\n \"CVE-2014-0376\",\n \"CVE-2014-0382\",\n \"CVE-2014-0385\",\n \"CVE-2014-0387\",\n \"CVE-2014-0403\",\n \"CVE-2014-0408\",\n \"CVE-2014-0410\",\n \"CVE-2014-0411\",\n \"CVE-2014-0415\",\n \"CVE-2014-0416\",\n \"CVE-2014-0417\",\n \"CVE-2014-0418\",\n \"CVE-2014-0422\",\n \"CVE-2014-0423\",\n \"CVE-2014-0424\",\n \"CVE-2014-0428\"\n );\n script_bugtraq_id(\n 64863,\n 64875,\n 64882,\n 64890,\n 64894,\n 64899,\n 64901,\n 64903,\n 64906,\n 64907,\n 64910,\n 64912,\n 64914,\n 64915,\n 64916,\n 64917,\n 64918,\n 64919,\n 64920,\n 64921,\n 64922,\n 64923,\n 64924,\n 64925,\n 64926,\n 64927,\n 64928,\n 64929,\n 64930,\n 64931,\n 64932,\n 64933,\n 64934,\n 64935,\n 64936,\n 64937\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)\");\n script_summary(english:\"Checks version of the JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is\npotentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 51, 6 Update 71,\nor 5 Update 61. 
It is, therefore, potentially affected by security\nissues in the following components :\n\n - 2D\n - Beans\n - CORBA\n - Deployment\n - Hotspot\n - Install\n - JAAS\n - JavaFX\n - JAXP\n - JNDI\n - JSSE\n - Libraries\n - Networking\n - Security\n - Serviceability\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-013/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-038/\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?924160cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 51, 6 Update 71 or 5 Update 61 or later\nand, if necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 5 Update 61 or later or 6 Update 71 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-5][0-9]|60)([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-6][0-9]|70)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-4][0-9]|50)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.5.0_61 / 1.6.0_71 / 1.7.0_51\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n 
else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:52", "bulletinFamily": "scanner", "description": "Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK.\n(CVE-2012-5081)\n\nPlease see the following for more information:\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-15159 24.html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1619-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62709", "published": "2012-10-26T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1619-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62709);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5067\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_bugtraq_id(55501, 56025, 56033, 56039, 56046, 56051, 56055, 56056, 56058, 56059, 56061, 56065, 56067, 56070, 56072, 56075, 56076, 56079, 56080, 56081, 56082, 56083);\n script_xref(name:\"USN\", value:\"1619-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more 
security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several information disclosure vulnerabilities were discovered in the\nOpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072,\nCVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. (CVE-2012-4416,\nCVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to cause a denial of service. (CVE-2012-1531, CVE-2012-1532,\nCVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK\nJRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067,\nCVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. This issue only affected\nUbuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to cause a denial of service. These issues only affected Ubuntu\n12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK.\n(CVE-2012-5081)\n\nPlease see the following for more information:\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-15159\n24.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1619-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif 
(ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b24-1.11.5-0ubuntu1~12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-cacao\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u9-2.3.3-0ubuntu1~12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested 
= ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / icedtea-7-jre-cacao / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:10", "bulletinFamily": "scanner", "description": "Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. 
Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.", "modified": "2018-07-26T00:00:00", "id": "REDHAT-RHSA-2013-1440.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70488", "published": "2013-10-18T00:00:00", "title": "RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1440. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70488);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5775\", \"CVE-2013-5776\", \"CVE-2013-5777\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5810\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5844\", \"CVE-2013-5846\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\", \"CVE-2013-5852\", \"CVE-2013-5854\");\n script_bugtraq_id(61310, 63079, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63124, 63126, 63127, 63128, 63129, 63131, 63132, 63133, 63134, 63135, 63136, 63137, 63139, 63140, 63141, 63142, 63143, 63144, 63145, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158);\n script_xref(name:\"RHSA\", value:\"2013:1440\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-oracle packages that fix several security issues\nare now 
available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778,\nCVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784,\nCVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790,\nCVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810,\nCVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831,\nCVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848,\nCVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852,\nCVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these\nissues. 
All running instances of Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5775.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5777.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5787.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5789.html\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5801.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5810.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5818.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5819.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5824.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5831.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5832.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5852.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5854.html\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac29c174\"\n );\n # http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c8fe88a\"\n );\n # http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f6e7bee\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:50", "bulletinFamily": "scanner", "description": "Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response 
Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 9. All running instances of Oracle Java must be restarted for the update to take effect.", "modified": "2018-07-25T00:00:00", "id": "REDHAT-RHSA-2012-1391.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62635", "published": "2012-10-19T00:00:00", "title": "RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1391. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62635);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5067\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_xref(name:\"RHSA\", value:\"2012:1391\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143,\nCVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067,\nCVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071,\nCVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075,\nCVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,\nCVE-2012-5087, CVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 9. All running instances\nof Oracle Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1531.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1532.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-1533.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3159.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-3216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-4416.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5068.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2012-5069.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5070.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5071.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5073.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5074.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5076.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5087.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5089.html\"\n );\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0eb44d4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-1391.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Method Handle Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:10", "bulletinFamily": "scanner", "description": "The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. 
It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014.", "modified": "2018-07-14T00:00:00", "id": "LOTUS_DOMINO_9_0_1_FP1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73969", "published": "2014-05-12T00:00:00", "title": "IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73969);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2013-0408\",\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-4041\",\n \"CVE-2013-5372\",\n \"CVE-2013-5375\",\n \"CVE-2013-5456\",\n \"CVE-2013-5457\",\n \"CVE-2013-5458\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5776\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5788\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5800\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5805\",\n \"CVE-2013-5806\",\n \"CVE-2013-5809\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5838\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\",\n \"CVE-2013-5851\",\n \"CVE-2013-5878\",\n \"CVE-2013-5884\",\n \"CVE-2013-5887\",\n \"CVE-2013-5888\",\n \"CVE-2013-5889\",\n \"CVE-2013-5893\",\n \"CVE-2013-5896\",\n \"CVE-2013-5898\",\n \"CVE-2013-5899\",\n \"CVE-2013-5902\",\n \"CVE-2013-5904\",\n 
\"CVE-2013-5907\",\n \"CVE-2013-5910\",\n \"CVE-2014-0368\",\n \"CVE-2014-0373\",\n \"CVE-2014-0375\",\n \"CVE-2014-0376\",\n \"CVE-2014-0387\",\n \"CVE-2014-0403\",\n \"CVE-2014-0410\",\n \"CVE-2014-0411\",\n \"CVE-2014-0415\",\n \"CVE-2014-0416\",\n \"CVE-2014-0417\",\n \"CVE-2014-0418\",\n \"CVE-2014-0422\",\n \"CVE-2014-0423\",\n \"CVE-2014-0424\",\n \"CVE-2014-0428\"\n );\n script_bugtraq_id(\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63111,\n 63112,\n 63115,\n 63118,\n 63120,\n 63121,\n 63122,\n 63124,\n 63126,\n 63128,\n 63129,\n 63131,\n 63133,\n 63134,\n 63135,\n 63137,\n 63139,\n 63141,\n 63142,\n 63143,\n 63145,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158,\n 63224,\n 63618,\n 63619,\n 63620,\n 63621,\n 63622,\n 64863,\n 64875,\n 64882,\n 64890,\n 64894,\n 64899,\n 64907,\n 64912,\n 64914,\n 64915,\n 64916,\n 64917,\n 64918,\n 64919,\n 64920,\n 64921,\n 64922,\n 64923,\n 64924,\n 64925,\n 64926,\n 64927,\n 64928,\n 64930,\n 64931,\n 64932,\n 64933,\n 64935,\n 64937\n );\n\n script_name(english:\"IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the bundled Java version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has software installed that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of IBM Domino (formerly Lotus Domino)\n8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior\nto 1.6 SR15 FP1. 
It is, therefore, affected by the vulnerabilities\nmentioned in the Oracle Java Critical Patch Update advisories for\nOctober 2013 and January 2014.\");\n # Advisory\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21670264\");\n # 9.0.1 Fix Pack 1 release notes\n # http://www-10.lotus.com/ldd/fixlist.nsf/8d1c0550e6242b69852570c900549a74/ef748be11ac2e99285257ca8006fc091?OpenDocument\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77cf0990\");\n # PSIRT blog post\n # https://www.ibm.com/blogs/psirt/bm-security-bulletin-ibm-notes-domino-fixes-for-multiple-vulnerabilities-cve-2014-0892-and-oracle-java-critical-patch-updates-for-oct-2013-jan-2014/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffc42f0b\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac29c174\");\n # http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17c46362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM Domino 9.0.1 FP 1 or later. 
Alternatively, apply the\nJVM patch per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:lotus_domino\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lotus_domino_installed.nasl\");\n script_require_keys(\"SMB/Domino/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nappname = \"IBM Domino\";\nkb_base = \"SMB/Domino/\";\n\nport = get_kb_item('SMB/transport');\nif (isnull(port)) port = 445;\n\ndomino_ver = get_kb_item_or_exit(kb_base + 'Version');\njava_ver = get_kb_item_or_exit(kb_base + 'Java_Version');\npath = get_kb_item_or_exit(kb_base + 'Path');\n\n# Fixed jvm.dll version for 1.6 SR15 FP1\njava_fix = '2.4.2.49584';\nreport_fix = NULL;\n\n# Versions 8.0.x / 8.5.x / 9.0.x affected\nif (domino_ver =~ \"^8\\.[05]($|[^0-9])\") report_fix = '1.6 SR15 FP1 ('+java_fix+')';\nelse if (domino_ver =~ \"^9\\.0($|[^0-9])\") report_fix = '1.6 SR15 FP1 ('+java_fix+') included in Domino 9.0.1 FP1)';\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, domino_ver, path);\n\nif 
(ver_compare(ver:java_ver, fix:java_fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Domino installed version : ' + domino_ver +\n '\\n JVM installed version : ' + java_ver +\n '\\n JVM fixed version : ' + report_fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"IBM Domino's Java Virtual Machine\", java_ver, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:20:37", "bulletinFamily": "scanner", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 51, 6 Update 71, or 5 Update 61. It is, therefore, potentially affected by security issues in the following components :\n\n - 2D\n - Beans\n - CORBA\n - Deployment\n - Hotspot\n - Install\n - JAAS\n - JavaFX\n - JAXP\n - JNDI\n - JSSE\n - Libraries\n - Networking\n - Security\n - Serviceability", "modified": "2018-11-15T00:00:00", "id": "ORACLE_JAVA_CPU_JAN_2014.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71966", "published": "2014-01-15T00:00:00", "title": "Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71966);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2013-5870\",\n \"CVE-2013-5878\",\n \"CVE-2013-5884\",\n \"CVE-2013-5887\",\n# \"CVE-2013-5888\", << GNOME on *nix only\n \"CVE-2013-5889\",\n \"CVE-2013-5893\",\n \"CVE-2013-5895\",\n \"CVE-2013-5896\",\n \"CVE-2013-5898\",\n \"CVE-2013-5899\",\n \"CVE-2013-5902\",\n \"CVE-2013-5904\",\n \"CVE-2013-5905\",\n \"CVE-2013-5906\",\n \"CVE-2013-5907\",\n \"CVE-2013-5910\",\n \"CVE-2014-0368\",\n \"CVE-2014-0373\",\n 
\"CVE-2014-0375\",\n \"CVE-2014-0376\",\n \"CVE-2014-0382\",\n \"CVE-2014-0385\",\n \"CVE-2014-0387\",\n \"CVE-2014-0403\",\n \"CVE-2014-0408\",\n \"CVE-2014-0410\",\n \"CVE-2014-0411\",\n \"CVE-2014-0415\",\n \"CVE-2014-0416\",\n \"CVE-2014-0417\",\n \"CVE-2014-0418\",\n \"CVE-2014-0422\",\n \"CVE-2014-0423\",\n \"CVE-2014-0424\",\n \"CVE-2014-0428\"\n );\n script_bugtraq_id(\n 64863,\n 64875,\n 64882,\n 64890,\n 64894,\n 64899,\n 64901,\n 64903,\n 64906,\n 64907,\n 64910,\n 64912,\n 64914,\n 64915,\n 64916,\n 64917,\n 64918,\n 64919,\n 64920,\n 64921,\n 64922,\n 64923,\n 64924,\n 64926,\n 64927,\n 64928,\n 64929,\n 64930,\n 64931,\n 64932,\n 64933,\n 64934,\n 64935,\n 64936,\n 64937\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)\");\n script_summary(english:\"Checks version of the JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\npotentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 51, 6 Update 71,\nor 5 Update 61. 
It is, therefore, potentially affected by security\nissues in the following components :\n\n - 2D\n - Beans\n - CORBA\n - Deployment\n - Hotspot\n - Install\n - JAAS\n - JavaFX\n - JAXP\n - JNDI\n - JSSE\n - Libraries\n - Networking\n - Security\n - Serviceability\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-013/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-038/\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?924160cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 51, 6 Update 71 or 5 Update 61 or later\nand, if necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 5 Update 61 or later or 6 Update 71 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-5][0-9]|60)([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-6][0-9]|70)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-4][0-9]|50)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.5.0_61 / 1.6.0_71 / 1.7.0_51\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:09", "bulletinFamily": "scanner", 
"description": "According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities :\n\n - A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation, which could aid remote attackers in executing arbitrary code.\n Note that this issue only affects installs on 32-bit hosts running Linux. (CVE-2014-0892)\n\n - Note that the fixes in the Oracle Java CPUs for October 2013 and January 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-0408, CVE-2013-3829, CVE-2013-4002, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0892)", "modified": "2018-07-10T00:00:00", "id": "DOMINO_9_0_1_FP1.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=73968", "published": "2014-05-12T00:00:00", "title": "IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73968);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n\n script_cve_id(\n \"CVE-2013-0408\",\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-4041\",\n \"CVE-2013-5372\",\n \"CVE-2013-5375\",\n \"CVE-2013-5456\",\n \"CVE-2013-5457\",\n \"CVE-2013-5458\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5776\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5788\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5800\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5805\",\n \"CVE-2013-5806\",\n \"CVE-2013-5809\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5838\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\",\n \"CVE-2013-5851\",\n \"CVE-2013-5878\",\n \"CVE-2013-5884\",\n \"CVE-2013-5887\",\n \"CVE-2013-5888\",\n \"CVE-2013-5889\",\n \"CVE-2013-5893\",\n \"CVE-2013-5896\",\n \"CVE-2013-5898\",\n \"CVE-2013-5899\",\n \"CVE-2013-5902\",\n \"CVE-2013-5904\",\n \"CVE-2013-5907\",\n \"CVE-2013-5910\",\n \"CVE-2014-0368\",\n \"CVE-2014-0373\",\n \"CVE-2014-0375\",\n \"CVE-2014-0376\",\n \"CVE-2014-0387\",\n \"CVE-2014-0403\",\n \"CVE-2014-0410\",\n \"CVE-2014-0411\",\n \"CVE-2014-0415\",\n \"CVE-2014-0416\",\n 
\"CVE-2014-0417\",\n \"CVE-2014-0418\",\n \"CVE-2014-0422\",\n \"CVE-2014-0423\",\n \"CVE-2014-0424\",\n \"CVE-2014-0428\",\n \"CVE-2014-0892\"\n );\n script_bugtraq_id(\n 59204,\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63111,\n 63112,\n 63115,\n 63118,\n 63120,\n 63121,\n 63122,\n 63124,\n 63126,\n 63128,\n 63129,\n 63131,\n 63133,\n 63134,\n 63135,\n 63137,\n 63139,\n 63141,\n 63142,\n 63143,\n 63145,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158,\n 63224,\n 63618,\n 63619,\n 63620,\n 63621,\n 63622,\n 64863,\n 64875,\n 64882,\n 64890,\n 64894,\n 64899,\n 64907,\n 64912,\n 64914,\n 64915,\n 64916,\n 64917,\n 64918,\n 64919,\n 64920,\n 64921,\n 64922,\n 64923,\n 64924,\n 64925,\n 64926,\n 64927,\n 64928,\n 64930,\n 64931,\n 64932,\n 64933,\n 64935,\n 64937,\n 67014\n );\n script_xref(name:\"CERT\", value:\"350089\");\n\n script_name(english:\"IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks version of IBM Domino\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the IBM Domino (formerly IBM Lotus Domino)\non the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is,\ntherefore, affected by the following vulnerabilities :\n\n - A stack overflow issue exists due to the insecure\n '-z execstack' flag being used during compilation, which\n could aid remote attackers in executing arbitrary code.\n Note that this issue only affects installs on 32-bit\n hosts running Linux. (CVE-2014-0892)\n\n - Note that the fixes in the Oracle Java CPUs for\n October 2013 and January 2014 are included in the fixed\n IBM Java release, which is included in the fixed IBM\n Domino release. 
(CVE-2013-0408, CVE-2013-3829,\n CVE-2013-4002, CVE-2013-4041, CVE-2013-5372,\n CVE-2013-5375, CVE-2013-5456, CVE-2013-5457,\n CVE-2013-5458, CVE-2013-5772, CVE-2013-5774,\n CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\n CVE-2013-5782, CVE-2013-5783, CVE-2013-5784,\n CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\n CVE-2013-5790, CVE-2013-5797, CVE-2013-5800,\n CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,\n CVE-2013-5804, CVE-2013-5805, CVE-2013-5806,\n CVE-2013-5809, CVE-2013-5812, CVE-2013-5814,\n CVE-2013-5817, CVE-2013-5818, CVE-2013-5819,\n CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\n CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\n CVE-2013-5831, CVE-2013-5832, CVE-2013-5838,\n CVE-2013-5840, CVE-2013-5842, CVE-2013-5843,\n CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\n CVE-2013-5851, CVE-2013-5878, CVE-2013-5884,\n CVE-2013-5887, CVE-2013-5888, CVE-2013-5889,\n CVE-2013-5893, CVE-2013-5896, CVE-2013-5898,\n CVE-2013-5899, CVE-2013-5902, CVE-2013-5904,\n CVE-2013-5907, CVE-2013-5910, CVE-2014-0368,\n CVE-2014-0373, CVE-2014-0375, CVE-2014-0376,\n CVE-2014-0387, CVE-2014-0403, CVE-2014-0410,\n CVE-2014-0411, CVE-2014-0415, CVE-2014-0416,\n CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,\n CVE-2014-0423, CVE-2014-0424, CVE-2014-0428,\n CVE-2014-0892)\");\n\n # Advisory\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21670264\");\n # 9.0.1 Fix Pack 1 release notes\n # http://www-10.lotus.com/ldd/fixlist.nsf/8d1c0550e6242b69852570c900549a74/ef748be11ac2e99285257ca8006fc091?OpenDocument\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77cf0990\");\n # PSIRT blog post\n # https://www.ibm.com/blogs/psirt/bm-security-bulletin-ibm-notes-domino-fixes-for-multiple-vulnerabilities-cve-2014-0892-and-oracle-java-critical-patch-updates-for-oct-2013-jan-2014/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffc42f0b\");\n\n 
script_set_attribute(attribute:\"solution\", value:\"Upgrade to IBM Domino 9.0.1 FP 1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:lotus_domino\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"domino_installed.nasl\");\n script_require_keys(\"Domino/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check the version of Domino installed.\napp_name = \"IBM Domino\";\nver = get_kb_item_or_exit(\"Domino/Version\");\nport = get_kb_item(\"Domino/Version_provided_by_port\");\nif (!port) port = 0;\nversion = NULL;\nfix = NULL;\nfix_ver = NULL;\nfix_pack = NULL;\nhotfix = NULL;\n\n# Ensure sufficient granularity.\nif (ver !~ \"^(\\d+\\.){1,}\\d+.*$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, ver);\n\n# Only check for 9.0.x\nif (ver =~ \"^9\\.0($|[^0-9])\")\n{\n fix = \"9.0.1 FP1\";\n fix_ver = \"9.0.1\";\n fix_pack = 1;\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, ver);\n\n# Breakdown the version into components.\nversion = eregmatch(string:ver, pattern:\"^((?:\\d+\\.){1,}\\d+)(?: FP(\\d+))?$\");\nif (isnull(version)) audit(AUDIT_UNKNOWN_APP_VER, 
app_name);\n\n# Use 0 if no FP number. Version number itself was\n# checked for in the granularity check.\nif (!version[2]) version[2] = 0;\nelse version[2] = int(version[2]);\n\n# Compare current to fix and report as needed.\nif (\n ver_compare(ver:version[1], fix:fix_ver, strict:FALSE) < 1 &&\n version[2] < fix_pack\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n' +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port:port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, ver);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:49", "bulletinFamily": "scanner", "description": "The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2012-006 update, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_JAVA_2012-006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62595", "published": "2012-10-17T00:00:00", "title": "Mac OS X : Java for OS X 2012-006", "type": "nessus", "sourceData": "#TRUSTED 
\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(62595);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2012-1531\",\n \"CVE-2012-1532\",\n \"CVE-2012-1533\",\n \"CVE-2012-3143\",\n \"CVE-2012-3159\",\n \"CVE-2012-3216\",\n \"CVE-2012-4416\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5075\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5083\",\n \"CVE-2012-5084\",\n \"CVE-2012-5086\",\n \"CVE-2012-5089\"\n );\n script_bugtraq_id(\n 55501,\n 56025,\n 56033,\n 56039,\n 56046,\n 56051,\n 56055,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56071,\n 56072,\n 56075,\n 56076,\n 56080,\n 56081,\n 56083\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-10-16-1\");\n\n script_name(english:\"Mac OS X
: Java for OS X 2012-006\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is\nmissing the Java for OS X 2012-006 update, which updates the Java\nversion to 1.6.0_37. It is, therefore, affected by several security\nvulnerabilities, the most serious of which may allow an untrusted Java\napplet to execute arbitrary code with the privileges of the current user\noutside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5549\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2012/Oct/88\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the Java for OS X 2012-006 update, which includes version\n14.5.0 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Double Quote Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2012/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) \n audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\n\ncmd = 'ls /System/Library/Java';\nresults = exec_cmd(cmd:cmd);\nif (isnull(results)) exit(1, \"Unable to determine if the Java runtime is installed.\");\n\nif ('JavaVirtualMachines' >!< results) audit(AUDIT_NOT_INST, \"Java for OS X\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd = \n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"14.5.0\";\nif (ver_compare(ver:version, 
fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:19", "bulletinFamily": "unix", "description": "Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK. 
(CVE-2012-5081)\n\nPlease see the following for more information: <http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html>", "modified": "2012-10-26T00:00:00", "published": "2012-10-26T00:00:00", "id": "USN-1619-1", "href": "https://usn.ubuntu.com/1619-1/", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:41", "bulletinFamily": "unix", "description": "Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401)\n\nJames Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. (CVE-2013-1488)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. 
(CVE-2013-2417, CVE-2013-2419)", "modified": "2013-05-07T00:00:00", "published": "2013-05-07T00:00:00", "id": "USN-1819-1", "href": "https://usn.ubuntu.com/1819-1/", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:52", "bulletinFamily": "unix", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. 
(CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)", "modified": "2013-11-21T00:00:00", "published": "2013-11-21T00:00:00", "id": "USN-2033-1", "href": "https://usn.ubuntu.com/2033-1/", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2019-02-20T21:07:42", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None 
\nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * K9970: Subscribing to email notifications regarding F5 products\n * K9957: Creating a custom RSS feed to view new and updated documents\n * K4602: Overview of the F5 security vulnerability response policy\n * K4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-01-09T02:32:00", "published": "2015-12-31T04:57:00", "id": "F5:K53146535", "href": "https://support.f5.com/csp/article/K53146535", "title": "Multiple Sun Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:37", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-12-30T00:00:00", "published": "2015-12-30T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/53/sol53146535.html", "id": "SOL53146535", "title": 
"SOL53146535 - Multiple Sun Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:29", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| \nNone| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Management GUI Java 
\nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-14T00:49:00", "published": "2016-05-25T01:58:00", "href": "https://support.f5.com/csp/article/K95313044", "id": "F5:K95313044", "title": "Multiple Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-11T11:06:40", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.7.0-openjdk", "modified": "2018-01-09T00:00:00", "published": "2012-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870853", "id": "OPENVAS:870853", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-October/msg00027.html\");\n script_id(870853);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:49:34 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1386-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.3.el6_3.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:19:47", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1619-1", "modified": "2017-12-01T00:00:00", "published": "2012-10-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841202", "id": "OPENVAS:841202", "title": "Ubuntu Update for openjdk-7 USN-1619-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1619_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openjdk-7 USN-1619-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several information disclosure vulnerabilities were discovered in the\n OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,\n CVE-2012-5077, CVE-2012-5085)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to information\n disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n \n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\n CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,\n CVE-2012-5086, CVE-2012-5089)\n \n Information disclosure vulnerabilities were discovered in the OpenJDK JRE.\n These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n \n Vulnerabilities were discovered in the OpenJDK JRE related to data\n integrity. (CVE-2012-5073, CVE-2012-5079)\n \n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure and data integrity. This issue only affected Ubuntu 12.10.\n (CVE-2012-5074)\n \n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. These issues only affected Ubuntu 12.10.\n (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n \n A denial of service vulnerability was found in OpenJDK. 
(CVE-2012-5081)\n \n Please see the following for more information:\n http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1619-1\";\ntag_affected = \"openjdk-7 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1619-1/\");\n script_id(841202);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:54 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-5069\", \"CVE-2012-5072\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5085\", \"CVE-2012-4416\", \"CVE-2012-5071\",\n \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\",\n \"CVE-2012-3159\", \"CVE-2012-5068\", \"CVE-2012-5083\", \"CVE-2012-5084\",\n \"CVE-2012-5086\", \"CVE-2012-5089\", \"CVE-2012-5067\", \"CVE-2012-5070\",\n \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5074\", \"CVE-2012-5076\",\n \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1619-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1619-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:46", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1619-1", "modified": "2018-08-17T00:00:00", "published": "2012-10-29T00:00:00", "id": "OPENVAS:1361412562310841202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841202", "title": "Ubuntu Update for openjdk-7 USN-1619-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1619_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for openjdk-7 USN-1619-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR 
A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1619-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841202\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-29 11:03:54 +0530 (Mon, 29 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-5069\", \"CVE-2012-5072\", \"CVE-2012-5075\",\n \"CVE-2012-5077\", \"CVE-2012-5085\", \"CVE-2012-4416\", \"CVE-2012-5071\",\n \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-3143\",\n \"CVE-2012-3159\", \"CVE-2012-5068\", \"CVE-2012-5083\", \"CVE-2012-5084\",\n \"CVE-2012-5086\", \"CVE-2012-5089\", \"CVE-2012-5067\", \"CVE-2012-5070\",\n \"CVE-2012-5073\", \"CVE-2012-5079\", \"CVE-2012-5074\", \"CVE-2012-5076\",\n \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5081\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1619-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1619-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for 
Linux kernel vulnerabilities USN-1619-1\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Several information disclosure vulnerabilities were discovered in the\n OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,\n CVE-2012-5077, CVE-2012-5085)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to information\n disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\n CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,\n CVE-2012-5086, CVE-2012-5089)\n\n Information disclosure vulnerabilities were discovered in the OpenJDK JRE.\n These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\n Vulnerabilities were discovered in the OpenJDK JRE related to data\n integrity. (CVE-2012-5073, CVE-2012-5079)\n\n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure and data integrity. This issue only affected Ubuntu 12.10.\n (CVE-2012-5074)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to cause a denial of service. These issues only affected Ubuntu 12.10.\n (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\n A denial of service vulnerability was found in OpenJDK. 
(CVE-2012-5081)\n\n Please see the following for more information:\n http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", 
ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b24-1.11.5-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:22", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-04-06T00:00:00", "published": "2012-10-19T00:00:00", "id": "OPENVAS:1361412562310881525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881525", "title": "CentOS Update for java CESA-2012:1386 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1386 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n \n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n \n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n \n It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\n implementation did not properly handle handshake records containing an\n overly large data length value. 
An unauthenticated, remote attacker could\n possibly use this flaw to cause an SSL/TLS server to terminate with an\n exception. (CVE-2012-5081)\n \n It was discovered that the JMX component in OpenJDK could perform certain\n actions in an insecure manner. An untrusted Java application or applet\n could possibly use these flaws to disclose sensitive information.\n (CVE-2012-5070, CVE-2012-5075)\n \n A bug in the Java HotSpot Virtual Machine optimization code could cause it\n to not perform array initialization in certain cases. An untrusted Java\n application or applet could use this flaw to disclose portions of the\n virtual machine's memory. (CVE-2012-4416)\n \n It was discovered that the SecureRandom class did not properly protect\n against the creation of multiple seeders. An untrusted Java application or\n applet could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5077)\n \n It was discovered that the java.io.FilePermission class exposed the hash\n code of the canonicalized path name. An untrusted Java application or\n applet could possibly use this flaw to determine certain system paths, suc ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881525\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 10:20:49 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1386\");\n script_name(\"CentOS Update for java CESA-2012:1386 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:23:40", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-1386", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123795", "title": "Oracle Linux Local Check: ELSA-2012-1386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1386.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123795\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1386\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1386 - java-1.7.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1386\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1386.html\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5075\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5089\", \"CVE-2012-5070\", \"CVE-2012-5074\", \"CVE-2012-5076\", \"CVE-2012-5087\", \"CVE-2012-5088\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.3.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.3.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) 
{\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.3.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.3.0.1.el6_3.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:05:58", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-01-10T00:00:00", "published": "2012-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881525", "id": "OPENVAS:881525", "title": "CentOS Update for java CESA-2012:1386 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2012:1386 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, Swing, and JMX components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\n CVE-2012-5089)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.org.glassfish packages. An untrusted Java application\n or applet could use these flaws to bypass Java sandbox restrictions. This\n update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n \n Multiple improper permission check issues were discovered in the Scripting,\n JMX, Concurrency, Libraries, and Security components in OpenJDK. An\n untrusted Java application or applet could use these flaws to bypass\n certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\n CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n \n It was discovered that java.util.ServiceLoader could create an instance of\n an incompatible class while performing provider lookup. An untrusted Java\n application or applet could use this flaw to bypass certain Java sandbox\n restrictions. (CVE-2012-5079)\n \n It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\n implementation did not properly handle handshake records containing an\n overly large data length value. 
An unauthenticated, remote attacker could\n possibly use this flaw to cause an SSL/TLS server to terminate with an\n exception. (CVE-2012-5081)\n \n It was discovered that the JMX component in OpenJDK could perform certain\n actions in an insecure manner. An untrusted Java application or applet\n could possibly use these flaws to disclose sensitive information.\n (CVE-2012-5070, CVE-2012-5075)\n \n A bug in the Java HotSpot Virtual Machine optimization code could cause it\n to not perform array initialization in certain cases. An untrusted Java\n application or applet could use this flaw to disclose portions of the\n virtual machine's memory. (CVE-2012-4416)\n \n It was discovered that the SecureRandom class did not properly protect\n against the creation of multiple seeders. An untrusted Java application or\n applet could possibly use this flaw to disclose sensitive information.\n (CVE-2012-5077)\n \n It was discovered that the java.io.FilePermission class exposed the hash\n code of the canonicalized path name. An untrusted Java application or\n applet could possibly use this flaw to determine certain system paths, suc ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\");\n script_id(881525);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 10:20:49 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\",\n \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\",\n \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\",\n \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1386\");\n script_name(\"CentOS Update for java CESA-2012:1386 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.3.el6_3.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-24T11:09:19", "bulletinFamily": "scanner", "description": "Check for the Version of java-1_7_0-openjdk", "modified": "2018-01-24T00:00:00", "published": "2013-03-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850421", "id": "OPENVAS:850421", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2012:1419-1 (java-1_7_0-openjdk)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_1419_1.nasl 8509 2018-01-24 06:57:46Z teissa $\n#\n# SuSE Update for java-1_7_0-openjdk openSUSE-SU-2012:1419-1 (java-1_7_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"java-1_7_0-openjdk on openSUSE 12.2\";\ntag_insight = \"java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814)\n * Security fixes\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n - S7093490: adjust package access in rmiregistry\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n - S7158796, CVE-2012-5070: Tighten properties checking in\n EnvHelp\n - S7158807: Revise stack management with volatile call\n sites\n - S7163198, CVE-2012-5076: Tightened package accessibility\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n - S7169887, CVE-2012-5074: Tightened package accessibility\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n - S7189490: More improvements to DomainCombiner checking\n - S7189567, CVE-2012-5085: java net obselete protocol\n - S7192975, CVE-2012-5071: Issue with JMX reflection\n - S7195194, 
CVE-2012-5084: Better data validation for\n Swing\n - S7195549, CVE-2012-5087: Better bean object persistence\n - S7195917, CVE-2012-5086: XMLDecoder parsing at\n close-time should be improved\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n - S7196190, CVE-2012-5088: Improve method of handling\n MethodHandles\n - S7198296, CVE-2012-5089: Refactor classloader usage\n - S7158800: Improve storage of symbol tables\n - S7158801: Improve VM CompileOnly option\n - S7158804: Improve config file parsing\n - S7198606, CVE-2012-4416: Improve VM optimization\n * Bug fixes\n - Remove merge artefact.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00020.html\");\n script_id(850421);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:55 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-3216\", \"CVE-2012-4416\", \"CVE-2012-5068\", \"CVE-2012-5069\",\n \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5073\", \"CVE-2012-5074\",\n \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\", \"CVE-2012-5084\",\n \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\",\n \"CVE-2012-5089\", \"CVE-2012-5072\", \"CVE-2012-5081\", \"CVE-2012-5079\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:1419_1\");\n script_name(\"SuSE Update for java-1_7_0-openjdk openSUSE-SU-2012:1419-1 (java-1_7_0-openjdk)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1_7_0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks 
GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.6~3.16.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:41", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-1505", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123534", "title": "Oracle Linux Local Check: ELSA-2013-1505", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1505.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123534\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1505\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1505 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1505\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1505.html\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2013-05-09T00:00:00", "id": "OPENVAS:1361412562310841421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841421", "title": "Ubuntu Update for openjdk-6 USN-1819-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1819_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-1819-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841421\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-09 10:26:30 +0530 (Thu, 09 May 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\",\n \"CVE-2013-2436\", \"CVE-2013-2415\", \"CVE-2013-2424\", \"CVE-2013-2417\",\n \"CVE-2013-2419\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1819-1\");\n\n script_xref(name:\"USN\", value:\"1819-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1819-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS)\");\n script_tag(name:\"affected\", value:\"openjdk-6 on 
Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ben Murphy discovered a vulnerability in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit this\n to execute arbitrary code. (CVE-2013-0401)\n\n James Forshaw discovered a vulnerability in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit this to execute arbitrary code. (CVE-2013-1488)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit these to cause a denial of service or expose sensitive data over\n the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,\n CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,\n CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,\n CVE-2013-2436)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n confidentiality. An attacker could exploit these to expose sensitive data\n over the network. (CVE-2013-2415, CVE-2013-2424)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n availability. 
An attacker could exploit these to cause a denial of service.\n (CVE-2013-2417, CVE-2013-2419)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:15:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-11-08T00:00:00", "id": "OPENVAS:1361412562310871062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871062", "title": 
"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871062\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:38:16 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. 
(CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1505-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:39", "bulletinFamily": "unix", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442,\nCVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449,\nCVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,\nCVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459,\nCVE-2013-2460, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3744)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR5 release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:24", "published": "2013-07-15T04:00:00", "id": "RHSA-2013:1060", "href": "https://access.redhat.com/errata/RHSA-2013:1060", "type": "redhat", "title": "(RHSA-2013:1060) Critical: java-1.7.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:57:46", "bulletinFamily": "unix", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,\nCVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074,\nCVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,\nCVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087,\nCVE-2012-5088, CVE-2012-5089)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 9. 
All running instances of\nOracle Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:20", "published": "2012-10-18T04:00:00", "id": "RHSA-2012:1391", "href": "https://access.redhat.com/errata/RHSA-2012:1391", "type": "redhat", "title": "(RHSA-2012:1391) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:47", "bulletinFamily": "unix", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775,\nCVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782,\nCVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T09:04:29", "published": "2013-10-17T04:00:00", "id": "RHSA-2013:1440", "href": 
"https://access.redhat.com/errata/RHSA-2013:1440", "type": "redhat", "title": "(RHSA-2013:1440) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:58", "bulletinFamily": "unix", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888,\nCVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898,\nCVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906,\nCVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375,\nCVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410,\nCVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418,\nCVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 51 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T09:04:32", "published": "2014-01-15T05:00:00", "id": "RHSA-2014:0030", "href": "https://access.redhat.com/errata/RHSA-2014:0030", "type": "redhat", "title": "(RHSA-2014:0030) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:33", "bulletinFamily": "unix", "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java 
Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. 
(CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:34", "published": "2013-11-05T05:00:00", "id": "RHSA-2013:1505", "href": "https://access.redhat.com/errata/RHSA-2013:1505", "type": "redhat", "title": "(RHSA-2013:1505) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:32", "bulletinFamily": "unix", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-0169, CVE-2013-0401,\nCVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,\nCVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418,\nCVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424,\nCVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433,\nCVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR4-FP2 release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:18", "published": "2013-05-14T04:00:00", "id": "RHSA-2013:0822", "href": "https://access.redhat.com/errata/RHSA-2013:0822", "type": "redhat", "title": "(RHSA-2013:0822) Critical: java-1.7.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:09", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\nCVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.org.glassfish packages. An untrusted Java application\nor applet could use these flaws to bypass Java sandbox restrictions. This\nupdate lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. 
An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use these flaws to disclose sensitive information.\n(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:12", "published": "2012-10-17T04:00:00", "id": "RHSA-2012:1386", "href": "https://access.redhat.com/errata/RHSA-2012:1386", "type": "redhat", "title": "(RHSA-2012:1386) Important: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:03", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. 
(CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws to\nbypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. 
(CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2013-04-24T04:00:00", "id": "RHSA-2013:0770", "href": "https://access.redhat.com/errata/RHSA-2013:0770", "type": "redhat", "title": "(RHSA-2013:0770) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:29", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and\nJMX components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\nCVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. 
(CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim\nBrown for reporting CVE-2013-1500. 
US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2013-07-03T04:00:00", "id": "RHSA-2013:1014", "href": "https://access.redhat.com/errata/RHSA-2013:1014", "type": "redhat", "title": "(RHSA-2013:1014) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:42:50", "bulletinFamily": "unix", "description": "java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814)\n * Security fixes\n - S6631398, CVE-2012-3216: FilePermission improved path\n checking\n - S7093490: adjust package access in rmiregistry\n - S7143535, CVE-2012-5068: ScriptEngine corrected\n permissions\n - S7158796, CVE-2012-5070: Tighten properties checking in\n EnvHelp\n - S7158807: Revise stack management with volatile call\n sites\n - S7163198, CVE-2012-5076: Tightened package accessibility\n - S7167656, CVE-2012-5077: Multiple Seeders are being\n created\n - S7169884, CVE-2012-5073: LogManager checks do not work\n correctly for sub-types\n - S7169887, CVE-2012-5074: Tightened package accessibility\n - S7169888, CVE-2012-5075: Narrowing resource definitions\n in JMX RMI connector\n - S7172522, CVE-2012-5072: Improve DomainCombiner checking\n - S7186286, CVE-2012-5081: TLS implementation to better\n adhere to RFC\n - S7189103, CVE-2012-5069: Executors needs to maintain\n state\n - S7189490: More improvements to DomainCombiner checking\n - S7189567, CVE-2012-5085: java net obselete protocol\n - S7192975, CVE-2012-5071: Issue with JMX reflection\n - S7195194, CVE-2012-5084: Better data validation for\n Swing\n - S7195549, CVE-2012-5087: Better bean object persistence\n - S7195917, CVE-2012-5086: 
XMLDecoder parsing at\n close-time should be improved\n - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw\n CCE without needing to create instance\n - S7196190, CVE-2012-5088: Improve method of handling\n MethodHandles\n - S7198296, CVE-2012-5089: Refactor classloader usage\n - S7158800: Improve storage of symbol tables\n - S7158801: Improve VM CompileOnly option\n - S7158804: Improve config file parsing\n - S7198606, CVE-2012-4416: Improve VM optimization\n * Bug fixes\n - Remove merge artefact.\n\n", "modified": "2012-10-31T16:11:24", "published": "2012-10-31T16:11:24", "id": "OPENSUSE-SU-2012:1419-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00020.html", "type": "suse", "title": "java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "This update contains the Oracle January 14 2014 CPU for\n java-1_7_0-ibm.\n\n Find more information at:\n http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2014_CPU\n", "modified": "2014-02-18T13:04:15", "published": "2014-02-18T13:04:15", "id": "SUSE-SU-2014:0246-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html", "type": "suse", "title": "Security update for IBM Java (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:23", "bulletinFamily": "unix", "description": "IBM Java 1.7.0 has been updated to SR3 which fixes bugs and\n security issues.\n\n More information can be found on:\n\n 
http://www.ibm.com/developerworks/java/jdk/alerts/\n\n CVEs fixed:\n CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067,\n CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073,\n CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083,\n CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532,\n CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084,\n CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088,\n CVE-2012-5089\n\n", "modified": "2012-11-21T18:08:45", "published": "2012-11-21T18:08:45", "id": "SUSE-SU-2012:1489-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00014.html", "type": "suse", "title": "Security update for IBM Java 1.7.0 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:48", "bulletinFamily": "unix", "description": "[1.7.0.9-2.3.3.0.1.el6_3.1]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.3.el6.1]\n- Changed permissions of sa-jdi.jar to correct 644\n- Resolves: rhbz#865050\n[1.7.0.9-2.3.3.el6]\n- Updated to 2.3.3\n- Updated java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568\n[1.7.0.5-2.3.2.el6.1]\n- Cleanup before security release\n- Updated to latest IcedTea7-forest 2.3\n- Resolves: rhbz#852299\n[1.7.0.5-2.2.1.1.el6.4]\n- Cleanup before security release\n- Removed patches:\n patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch\n patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch\n patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch\n patch 1004 
sec-webrevs-openjdk7-29_aug_2012-7194567.patch\n patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch\n- Resolves: rhbz#852299", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "ELSA-2012-1386", "href": "http://linux.oracle.com/errata/ELSA-2012-1386.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:56", "bulletinFamily": "unix", "description": "[1:1.6.0.0-1.61.1.11.11]\n- added and applied (temporally) patch10 fixToFontSecurityFix.patch.\n - fixing regression in fonts introduced by one security patch.\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.60.1.11.11]\n- added and applied (temporally) one more patch to xalan/xerces privileges\n - patch9 jaxp-backport-factoryfinder.patch\n- will be upstreamed\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.59.1.11.11]\n- Updated to icedtea6 1.11.11 - fixed xalan/xerxes privledges\n- removed patch 8 - removingOfAarch64.patch.patch - fixed upstream\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.58.1.11.10]\n- Updated to icedtea6 1.11.10\n- rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- excluded aarch64.patch\n - by patch 8 - removingOfAarch64.patch.patch\n- Resolves: rhbz#950386", "modified": "2013-04-24T00:00:00", "published": "2013-04-24T00:00:00", "id": "ELSA-2013-0770", "href": "http://linux.oracle.com/errata/ELSA-2013-0770.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:40:51", "bulletinFamily": "unix", "description": "[1:1.6.0.0-1.62.1.11.11.90]\n- updated to icedtea6-1.11.11.90.tar.gz\n- removed upstreamed patch9 jaxp-backport-factoryfinder.patch\n- removed upstreamed patch10 fixToFontSecurityFix.patch.\n- modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch\n- 
Resolves: rhbz#973129", "modified": "2013-07-03T00:00:00", "published": "2013-07-03T00:00:00", "id": "ELSA-2013-1014", "href": "http://linux.oracle.com/errata/ELSA-2013-1014.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1505\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. 
A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. 
(CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1505.html", "modified": "2013-11-05T21:41:40", "published": "2013-11-05T20:45:16", "href": "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html", "id": "CESA-2013:1505", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1386\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\nCVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.org.glassfish packages. An untrusted Java application\nor applet could use these flaws to bypass Java sandbox restrictions. This\nupdate lists those packages as restricted. 
(CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use these flaws to disclose sensitive information.\n(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. 
(CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1386.html", "modified": "2012-10-17T17:16:08", "published": "2012-10-17T17:16:08", "href": "http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html", "id": "CESA-2012:1386", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:22", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0770\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. 
(CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws to\nbypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. 
An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019703.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019705.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2013-0770.html", "modified": "2013-04-24T21:40:25", "published": "2013-04-24T20:56:24", "href": "http://lists.centos.org/pipermail/centos-announce/2013-April/019705.html", "id": "CESA-2013:0770", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:02:04", "bulletinFamily": "info", "description": "Apple has released a patch that fixes a laundry list of vulnerabilities in Java after [Oracle pushed out a fix](<https://threatpost.com/oracle-leaves-fix-java-se-zero-day-until-february-patch-update-101712/>) for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users\u2019 browsers in order to prevent users from falling victim to new attacks on the oft-vulnerable application.\n\nApple for some time has pushed out its own patches for Oracle\u2019s Java technology because the company doesn\u2019t like third-party vendors pushing updates to its users. That\u2019s going to change, as Oracle now has the ability to update Java on Mac OS X. The latest [Java patch for OS X](<http://lists.apple.com/archives/security-announce/2012/Oct/msg00001.html>) fixes a large number of vulnerabilities in the application. 
\n\n\u201cMultiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37,\u201d Apple\u2019s security advisory said.\n\nThe new patches for Java are available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later. The list of vulnerabilities fixed by the Apple Java patch are:\n\nCVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5086 CVE-2012-5089\n\nJava has emerged as one of the key targets for attackers, who have been exploiting vulnerabilities in the application for fun and profit for years now. 
Some groups have used previously unknown Java bugs in targeted attacks, but it\u2019s often the case that users don\u2019t update their Java plugins on a regular basis, so attacks on older vulnerabilities are quite common, as well.\n", "modified": "2013-04-17T16:31:22", "published": "2012-10-18T13:44:08", "id": "THREATPOST:44E8157609650EEB3E678BC8C1CDF059", "href": "https://threatpost.com/apple-patches-java-flaws-101812/77126/", "type": "threatpost", "title": "Apple Patches Java Flaws", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-04-16-2 Java for OS X 2013-003 and\r\nMac OS X v10.6 Update 15\r\n\r\nJava for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available\r\nand address the following:\r\n\r\nJava\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 or later, OS X Lion Server v10.7 or later,\r\nOS X Mountain Lion 10.8 or later\r\nImpact: Multiple vulnerabilities in Java 1.6.0_43\r\nDescription: Multiple vulnerabilities existed in Java 1.6.0_43, the\r\nmost serious of which may allow an untrusted Java applet to execute\r\narbitrary code outside the Java sandbox. 
Visiting a web page\r\ncontaining a maliciously crafted untrusted Java applet may lead to\r\narbitrary code execution with the privileges of the current user.\r\nThese issues were addressed by updating to Java version 1.6.0_45.\r\nFurther information is available via the Java website at http://www.o\r\nracle.com/technetwork/java/javase/releasenotes-136954.html\r\nCVE-ID\r\nCVE-2013-1491\r\nCVE-2013-1537\r\nCVE-2013-1540\r\nCVE-2013-1557\r\nCVE-2013-1558\r\nCVE-2013-1563\r\nCVE-2013-1569\r\nCVE-2013-2383\r\nCVE-2013-2384\r\nCVE-2013-2394\r\nCVE-2013-2417\r\nCVE-2013-2419\r\nCVE-2013-2420\r\nCVE-2013-2422\r\nCVE-2013-2424\r\nCVE-2013-2429\r\nCVE-2013-2430\r\nCVE-2013-2432\r\nCVE-2013-2435\r\nCVE-2013-2437\r\nCVE-2013-2440\r\n\r\n\r\nJava for OS X 2013-003 and Mac OS X v10.6 Update 15\r\nmay be obtained from the Software Update pane in System Preferences,\r\nMac App Store, or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nFor Mac OS X v10.6 systems\r\nThe download file is named: JavaForMacOSX10.6.Update15.dmg\r\nIts SHA-1 digest is: 56a950f7a89f2a1c39de01b2b1998986f132be57\r\n\r\nFor OS X Lion and Mountain Lion systems\r\nThe download file is named: JavaForOSX2013-003.dmg\r\nIts SHA-1 digest is: 3393ff8642b6e29cacaf10fbb04f76e657cc313a\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - 
http://gpgtools.org\r\n\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-04-22T00:00:00", "published": "2013-04-22T00:00:00", "id": "SECURITYVULNS:DOC:29268", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29268", "title": "APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:54", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2727-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 \n CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 \n CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 \n CVE-2013-2452 CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 \n CVE-2013-2457 CVE-2013-2459 
CVE-2013-2461 CVE-2013-2463 \n CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 \n CVE-2013-2472 CVE-2013-2473\n\nSeveral vulnerabilities have been discovered in OpenJDK, an \nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6b27-1.12.6-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b27-1.12.6-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b27-1.12.6-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-07-25T21:12:25", "published": "2013-07-25T21:12:25", "id": "DEBIAN:DSA-2727-1:34891", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00137.html", "title": "[SECURITY] [DSA 2727-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:19", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. 
([CVE-2013-1569](<https://access.redhat.com/security/cve/CVE-2013-1569>), [CVE-2013-2383](<https://access.redhat.com/security/cve/CVE-2013-2383>), [CVE-2013-2384](<https://access.redhat.com/security/cve/CVE-2013-2384>))\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1558](<https://access.redhat.com/security/cve/CVE-2013-1558>), [CVE-2013-2422](<https://access.redhat.com/security/cve/CVE-2013-2422>), [CVE-2013-1518](<https://access.redhat.com/security/cve/CVE-2013-1518>), [CVE-2013-1557](<https://access.redhat.com/security/cve/CVE-2013-1557>))\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code. ([CVE-2013-1537](<https://access.redhat.com/security/cve/CVE-2013-1537>))\n\nThe 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. ([CVE-2013-2420](<https://access.redhat.com/security/cve/CVE-2013-2420>))\n\nIt was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2431](<https://access.redhat.com/security/cve/CVE-2013-2431>), [CVE-2013-2421](<https://access.redhat.com/security/cve/CVE-2013-2421>))\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. 
An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2429](<https://access.redhat.com/security/cve/CVE-2013-2429>), [CVE-2013-2430](<https://access.redhat.com/security/cve/CVE-2013-2430>))\n\nThe JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1488](<https://access.redhat.com/security/cve/CVE-2013-1488>), [CVE-2013-2426](<https://access.redhat.com/security/cve/CVE-2013-2426>))\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. ([CVE-2013-0401](<https://access.redhat.com/security/cve/CVE-2013-0401>))\n\nFlaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine. ([CVE-2013-2417](<https://access.redhat.com/security/cve/CVE-2013-2417>), [CVE-2013-2419](<https://access.redhat.com/security/cve/CVE-2013-2419>))\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. ([CVE-2013-2424](<https://access.redhat.com/security/cve/CVE-2013-2424>))\n\nIt was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. 
([CVE-2013-2415](<https://access.redhat.com/security/cve/CVE-2013-2415>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T22:53:00", "published": "2014-09-15T22:53:00", "id": "ALAS-2013-185", "href": "https://alas.aws.amazon.com/ALAS-2013-185.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:17", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. 
([CVE-2013-2470](<https://access.redhat.com/security/cve/CVE-2013-2470>), [CVE-2013-2471](<https://access.redhat.com/security/cve/CVE-2013-2471>), [CVE-2013-2472](<https://access.redhat.com/security/cve/CVE-2013-2472>), [CVE-2013-2473](<https://access.redhat.com/security/cve/CVE-2013-2473>), [CVE-2013-2463](<https://access.redhat.com/security/cve/CVE-2013-2463>), [CVE-2013-2465](<https://access.redhat.com/security/cve/CVE-2013-2465>), [CVE-2013-2469](<https://access.redhat.com/security/cve/CVE-2013-2469>))\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. ([CVE-2013-2459](<https://access.redhat.com/security/cve/CVE-2013-2459>))\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2448](<https://access.redhat.com/security/cve/CVE-2013-2448>), [CVE-2013-2457](<https://access.redhat.com/security/cve/CVE-2013-2457>), [CVE-2013-2453](<https://access.redhat.com/security/cve/CVE-2013-2453>))\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. 
([CVE-2013-2456](<https://access.redhat.com/security/cve/CVE-2013-2456>), [CVE-2013-2447](<https://access.redhat.com/security/cve/CVE-2013-2447>), [CVE-2013-2455](<https://access.redhat.com/security/cve/CVE-2013-2455>), [CVE-2013-2452](<https://access.redhat.com/security/cve/CVE-2013-2452>), [CVE-2013-2443](<https://access.redhat.com/security/cve/CVE-2013-2443>), [CVE-2013-2446](<https://access.redhat.com/security/cve/CVE-2013-2446>))\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. ([CVE-2013-2445](<https://access.redhat.com/security/cve/CVE-2013-2445>))\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. ([CVE-2013-2444](<https://access.redhat.com/security/cve/CVE-2013-2444>), [CVE-2013-2450](<https://access.redhat.com/security/cve/CVE-2013-2450>))\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. ([CVE-2013-2407](<https://access.redhat.com/security/cve/CVE-2013-2407>), [CVE-2013-2461](<https://access.redhat.com/security/cve/CVE-2013-2461>))\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. 
([CVE-2013-2412](<https://access.redhat.com/security/cve/CVE-2013-2412>))\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. ([CVE-2013-1571](<https://access.redhat.com/security/cve/CVE-2013-1571>))\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. ([CVE-2013-1500](<https://access.redhat.com/security/cve/CVE-2013-1500>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T23:15:00", "published": 
"2014-09-15T23:15:00", "id": "ALAS-2013-207", "href": "https://alas.aws.amazon.com/ALAS-2013-207.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. 
\n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "GLSA-201401-30", "href": "https://security.gentoo.org/glsa/201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}