Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-733.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : icedtea-web (openSUSE-SU-2013:1509-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

This icedtea-web update fixes several security issues.

Changes in icedtea-web :

  • update to 1.4.1 (bnc#840572)

  • Improved and cleaned Temporary internet files panel

  • NetX

  • PR1465 - java.io.FileNotFoundException while trying to download a JAR file

  • PR1473 - javaws should not depend on name of local file

  • Plugin

  • PR854: Resizing an applet several times causes 100% CPU load

  • Security Updates

  • CVE-2013-4349, RH869040: Heap-based buffer overflow after triggering event attached to applet CVE-2012-4540 nit fixed in icedtea-web 1.4

  • Misc

  • reproducers tests are enabled in dist-tarball

  • application context support for OpenJDK build 25 and higher

  • small patches into rhino support and

  • PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties

  • need jpackage-utils on older distros

  • run more tests in %check

  • drop icedtea-web-AppContext.patch, already upstream

  • add javapackages-tools to build requires

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-733.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75156);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-4540");

  script_name(english:"openSUSE Security Update : icedtea-web (openSUSE-SU-2013:1509-1)");
  script_summary(english:"Check for the openSUSE-2013-733 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This icedtea-web update fixes several security issues.

Changes in icedtea-web :

  - update to 1.4.1 (bnc#840572)

  - Improved and cleaned Temporary internet files panel

  - NetX

  - PR1465 - java.io.FileNotFoundException while trying to
    download a JAR file

  - PR1473 - javaws should not depend on name of local file

  - Plugin

  - PR854: Resizing an applet several times causes 100% CPU
    load

  - Security Updates

  - CVE-2013-4349, RH869040: Heap-based buffer overflow
    after triggering event attached to applet CVE-2012-4540
    nit fixed in icedtea-web 1.4

  - Misc 

  - reproducers tests are enabled in dist-tarball

  - application context support for OpenJDK build 25 and
    higher

  - small patches into rhino support and

  - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled
    like other properties

  - need jpackage-utils on older distros

  - run more tests in %check

  - drop icedtea-web-AppContext.patch, already upstream

  - add javapackages-tools to build requires"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=840572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected icedtea-web packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icedtea-web");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icedtea-web-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icedtea-web-javadoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"icedtea-web-1.4.1-1.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"icedtea-web-debuginfo-1.4.1-1.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"icedtea-web-debugsource-1.4.1-1.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"icedtea-web-javadoc-1.4.1-1.25.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"icedtea-web-1.4.1-4.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"icedtea-web-debuginfo-1.4.1-4.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"icedtea-web-debugsource-1.4.1-4.22.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"icedtea-web-javadoc-1.4.1-4.22.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc");
}
VendorProductVersionCPE
novellopensuseicedtea-webp-cpe:/a:novell:opensuse:icedtea-web
novellopensuseicedtea-web-debuginfop-cpe:/a:novell:opensuse:icedtea-web-debuginfo
novellopensuseicedtea-web-debugsourcep-cpe:/a:novell:opensuse:icedtea-web-debugsource
novellopensuseicedtea-web-javadocp-cpe:/a:novell:opensuse:icedtea-web-javadoc
novellopensuse12.2cpe:/o:novell:opensuse:12.2
novellopensuse12.3cpe:/o:novell:opensuse:12.3

Related

cve 2
debian 2
openvas 21
fedora 7
prion 2
nvd 2
debiancve 1
cvelist 2
suse 2
nessus 17
ubuntucve 1
veracode 1
centos 1
securityvulns 2
ubuntu 1
osv 1
redhat 1
oraclelinux 1
gentoo 1
cve
cve
CVE-2012-4540
2012-11-11 13:00:54
CVE-2013-4349
2022-10-03 16:14:56
debian
debian
[SECURITY] [DSA 2768-1] icedtea-web security update
2013-10-04 19:41:30
[SECURITY] [DSA 2768-1] icedtea-web security update
2013-10-04 19:41:30
openvas
openvas
Fedora Update for icedtea-web FEDORA-2013-17026
2013-09-24 00:00:00
Fedora Update for icedtea-web FEDORA-2013-17026
2013-09-24 00:00:00
Debian Security Advisory DSA 2768-1 (icedtea-web - heap-based buffer overflow)
2013-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: icedtea-web-1.4.1-0.fc20
2013-09-23 00:27:02
[SECURITY] Fedora 19 Update: icedtea-web-1.4.1-0.fc19
2013-09-20 16:28:29
[SECURITY] Fedora 18 Update: icedtea-web-1.4.1-0.fc18
2013-10-04 01:58:51
prion
prion
Heap overflow
2012-11-11 13:00:00
Design/Logic Flaw
2013-11-02 19:55:00
nvd
nvd
CVE-2012-4540
2012-11-11 13:00:54
CVE-2013-4349
2013-11-02 19:55:04
debiancve
debiancve
CVE-2012-4540
2012-11-11 13:00:54
cvelist
cvelist
CVE-2012-4540
2012-11-11 11:00:00
CVE-2013-4349
2022-10-03 16:14:56
suse
suse
Security update for icedtea-web (critical)
2013-10-02 22:04:17
Security update for icedtea-web (important)
2015-09-22 11:10:12
nessus
nessus
SuSE 11.2 / 11.3 Security Update : icedtea-web (SAT Patch Numbers 8357 / 8358)
2013-10-03 00:00:00
Fedora 18 : icedtea-web-1.4.1-0.fc18 (2013-17016)
2013-10-04 00:00:00
Debian DSA-2768-1 : icedtea-web - heap-based buffer overflow
2013-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2012-4540
2012-11-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:47
centos
centos
icedtea security update
2012-11-08 20:06:41
securityvulns
securityvulns
IcedTea-Web memory corruption
2012-11-09 00:00:00
[USN-1625-1] Icedtea-Web vulnerability
2012-11-09 00:00:00
ubuntu
ubuntu
Icedtea-Web vulnerability
2012-11-07 00:00:00
osv
osv
icedtea-web - heap-based buffer overflow
2013-10-04 00:00:00
redhat
redhat
(RHSA-2012:1434) Critical: icedtea-web security update
2012-11-07 00:00:00
oraclelinux
oraclelinux
icedtea-web security update
2012-11-07 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON
Related for OPENSUSE-2013-733.NASL
cve2debian2openvas21fedora7prion2nvd2debiancve1cvelist2suse2nessus17ubuntucve1veracode1centos1securityvulns2ubuntu1osv1redhat1oraclelinux1gentoo1