Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 Tenable Network Security, Inc.JAVA_JRE_MULTIPLE_APPLET_VULNERABILITY_UNIX.NASL
HistoryFeb 22, 2013 - 12:00 a.m.

Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)

2013-02-2200:00:00
This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.
www.tenable.com
15

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.192 Low

EPSS

Percentile

96.3%

JSON

The remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets :

  • An untrusted applet may escalate its privileges in order to read, write or execute files on the remote system.

  • An untrusted applet may interfere with trusted applets loaded on the same page.

A remote attacker could exploit these by tricking a user into visiting a maliciously crafted web page.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64835);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2004-1029");
  script_bugtraq_id(11726, 11766, 12317);
  script_xref(name:"SECUNIA", value:"13271");

  script_name(english:"Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host has an application that is affected by a security
bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is using an unmanaged version of Sun Java Runtime
Environment that has vulnerabilities in its Java Runtime Plug-in, a web
browser add-on used to display Java applets :

  - An untrusted applet may escalate its privileges in
    order to read, write or execute files on the remote system.

  - An untrusted applet may interfere with trusted applets
    loaded on the same page.

A remote attacker could exploit these by tricking a user into visiting a
maliciously crafted web page.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/1059");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=158
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0d0f6ddb");
  # http://web.archive.org/web/20080509045543/http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e3d3f10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to JDK 1.3.1_13 / JRE 1.4.2_06 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed_unix.nasl");
  script_require_keys("Host/Java/JRE/Installed");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Check each installed JRE.
installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");

info = "";
vuln = 0;
vuln2 = 0;
installed_versions = "";
granular = "";
foreach install (list_uniq(keys(installs)))
{
  ver = install - "Host/Java/JRE/Unmanaged/";
  if (ver !~ "^[0-9.]+") continue;

  installed_versions = installed_versions + " & " + ver;
  if (ver =~ "^1\.(3\.(0.*|1[^_].*|1_[0-9][^0-9].*|1_1[0-2].*)|4\.([0-1]\..*|2_0[0-5].*))")
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n  Path              : ' + dir;

    info += '\n  Installed version : ' + ver;
    info += '\n  Fixed version     : 1.3.1_13 / 1.4.2_06\n';
  }
  else if (ver =~ "^[\d\.]+$")
  {
    dirs = make_list(get_kb_list(install));
    foreach dir (dirs)
      granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
  }
  else
  {
    dirs = make_list(get_kb_list(install));
    vuln2 += max_index(dirs);
  }
}


# Report if any were found to be vulnerable.
if (info)
{
  if (report_verbosity)
  {
    if (vuln > 1) s = "s of Sun's JRE are";
    else s = " of Sun's JRE is";

    report = string(
      "\n",
      "The following vulnerable instance", s, " installed on the\n",
      "remote host :\n",
      info
    );
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  if (granular) exit(0, granular);
}
else
{
  if (granular) exit(0, granular);
  installed_versions = substr(installed_versions, 3);
  if (vuln2 > 1)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre

Related

freebsd 1
nessus 5
cvelist 1
openvas 10
cve 1
securityvulns 1
checkpoint_advisories 1
cert 1
nvd 1
gentoo 1
freebsd
freebsd
jdk/jre -- Security Vulnerability With Java Plugin
2004-11-24 00:00:00
nessus
nessus
FreeBSD : jdk/jre -- Security Vulnerability With Java Plugin (81)
2004-11-30 00:00:00
Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)
2005-02-22 00:00:00
GLSA-200411-38 : Sun and Blackdown Java: Applet privilege escalation
2004-11-30 00:00:00
cvelist
cvelist
CVE-2004-1029
2004-11-24 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-38 (Java)
2008-09-24 00:00:00
HP-UX Update for Java Plug-In (JPI) HPSBUX01100
2009-05-05 00:00:00
Gentoo Security Advisory GLSA 200411-38 (Java)
2008-09-24 00:00:00
cve
cve
CVE-2004-1029
2005-03-01 05:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability
2004-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Plug-in Sandbox Security Bypass (CVE-2004-1029)
2009-11-30 00:00:00
cert
cert
Sun Java Plug-in fails to restrict access to private Java packages
2004-11-23 00:00:00
nvd
nvd
CVE-2004-1029
2005-03-01 05:00:00
gentoo
gentoo
Sun and Blackdown Java: Applet privilege escalation
2004-11-29 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.192 Low

EPSS

Percentile

96.3%

JSON
Related for JAVA_JRE_MULTIPLE_APPLET_VULNERABILITY_UNIX.NASL
freebsd1nessus5cvelist1openvas10cve1securityvulns1checkpoint_advisories1cert1nvd1gentoo1