MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.37-1.13.9.4.AXS4 (AXSA:2015-565:05)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 OpenJDK vulnerable per AXSA-2015-565:05; CVEs affect confidentiality, integrity, availability.

Reporter	Title	Published	Views	Family All 735
IBM Security Bulletins	Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)	16 Jun 201821:41	–	ibm
IBM Security Bulletins	Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM InfoSphere Optim Performance Manager (CVE-2015-4872)	8 Jul 202121:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-4872)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-7575, CVE-2015-4872)	17 Jun 201805:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803)	15 Jun 201807:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803, CVE-2015-4734, CVE-2015-5006)	17 Jun 201815:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator	17 Jun 201822:30	–	ibm

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/5949
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-565:05.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(288967);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2015-4734",
    "CVE-2015-4803",
    "CVE-2015-4805",
    "CVE-2015-4806",
    "CVE-2015-4835",
    "CVE-2015-4842",
    "CVE-2015-4843",
    "CVE-2015-4844",
    "CVE-2015-4860",
    "CVE-2015-4872",
    "CVE-2015-4881",
    "CVE-2015-4882",
    "CVE-2015-4883",
    "CVE-2015-4893",
    "CVE-2015-4903",
    "CVE-2015-4911"
  );

  script_name(english:"MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.37-1.13.9.4.AXS4 (AXSA:2015-565:05)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2015-565:05 advisory.

    The OpenJDK runtime environment.
    Security issues fixed with this release:
    CVE-2015-4734
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality via vectors related to JGSS.
    CVE-2015-4803
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60;
    Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to
    affect availability via vectors related to JAXP, a different
    vulnerability than CVE-2015-4893 and CVE-2015-4911.
    CVE-2015-4805
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors
    related to Serialization.
    CVE-2015-4806
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality and integrity via unknown vectors related to
    Libraries.
    CVE-2015-4835
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    CORBA, a different vulnerability than CVE-2015-4881.
    CVE-2015-4842
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality via vectors related to JAXP.
    CVE-2015-4843
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors
    related to Libraries.
    CVE-2015-4844
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors
    related to 2D.
    CVE-2015-4860
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    RMI, a different vulnerability than CVE-2015-4883.
    CVE-2015-4872
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60;
    Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to
    affect integrity via unknown vectors related to Security.
    CVE-2015-4881
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    CORBA, a different vulnerability than CVE-2015-4835.
    CVE-2015-4882
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect availability
    via vectors related to CORBA.
    CVE-2015-4883
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    RMI, a different vulnerability than CVE-2015-4860.
    CVE-2015-4893
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60;
    Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to
    affect availability via vectors related to JAXP, a different
    vulnerability than CVE-2015-4803 and CVE-2015-4911.
    CVE-2015-4903
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
    Java SE Embedded 8u51, allows remote attackers to affect
    confidentiality via vectors related to RMI.
    CVE-2015-4911
    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60;
    Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to
    affect availability via vectors related to JAXP, a different
    vulnerability than CVE-2015-4803 and CVE-2015-4893.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5949");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.6.0-openjdk, java-1.6.0-openjdk-devel and / or java-1.6.0-openjdk-javadoc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4883");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-4806");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.6.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.6.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'java-1.6.0-openjdk-1.6.0.37-1.13.9.4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.6.0-openjdk-1.6.0.37-1.13.9.4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.6.0-openjdk / java-1.6.0-openjdk-devel / etc');
}

16 Jan 2026 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 210

EPSS0.14942