Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
2015-04-16T00:00:00
ID ORACLE_JAVA_CPU_APR_2015.NASL Type nessus Reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 45, 7 Update 79,
6 Update 95, or 5 Update 85. It is, therefore, affected by security
vulnerabilities in the following components :
- 2D
- Beans
- Deployment
- Hotspot
- JavaFX
- JCE
- JSSE
- Tools
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Registration branch: when `description` is true, only the metadata calls
# below run and the exit(0) at the end of this block stops the script before
# the version check that follows.
if (description)
{
script_id(82820);
script_version("1.13");
script_cvs_date("Date: 2018/11/15 20:50:28");
# CVEs covered by this single check. CVE-2015-0204 is the FREAK issue that the
# plugin title and the smacktls.com reference below point to.
script_cve_id(
"CVE-2015-0204",
"CVE-2015-0458",
"CVE-2015-0459",
"CVE-2015-0460",
"CVE-2015-0469",
"CVE-2015-0470",
"CVE-2015-0477",
"CVE-2015-0478",
"CVE-2015-0480",
"CVE-2015-0484",
"CVE-2015-0486",
"CVE-2015-0488",
"CVE-2015-0491",
"CVE-2015-0492"
);
# Bugtraq IDs for the same advisory set (one per CVE by count).
script_bugtraq_id(
71936,
74072,
74083,
74094,
74097,
74104,
74111,
74119,
74129,
74135,
74141,
74145,
74147,
74149
);
script_name(english:"Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)");
# The summary states the method: a version comparison, not a functional test
# of any individual vulnerability.
script_summary(english:"Checks the version of the JRE.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 45, 7 Update 79,
6 Update 95, or 5 Update 85. It is, therefore, affected by security
vulnerabilities in the following components :
- 2D
- Beans
- Deployment
- Hotspot
- JavaFX
- JCE
- JSSE
- Tools");
# The nessus.org/u? values are shortened links; where present, the comment
# above each call gives the destination it stands for.
# http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56618dc1");
# Java SE JDK and JRE 8 Update 45
# https://www.oracle.com/technetwork/java/javase/8u45-relnotes-2494160.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?abb7def2");
# Java SE JDK and JRE 7 Update 79
# https://www.oracle.com/technetwork/java/javase/7u79-relnotes-2494161.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7736cf95");
# Java SE JDK and JRE 6 Update 95
# http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
#Java SE JDK and JRE 5.0 Update 85
# https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c");
script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
# Remediation text. Per the note in it, the 5 and 6 fixed builds are only
# obtainable under Extended Support, so removal is the other stated option.
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle JDK / JRE 8 Update 45, 7 Update 79, 6 Update 95, or
5 Update 85 or later. If necessary, remove any affected versions.
Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 5 Update 85 or later and 6 Update 95 or later.");
# One CVSS vector is recorded for the whole CVE set.
# NOTE(review): presumably that of the most severe issue; individual CVEs may
# score lower, so prioritise from the vendor advisory, not this value alone.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
# Exploit status (E:U above and the two attributes below) is fixed text written
# into the plugin; treat it as a point-in-time statement and re-check current
# exploit intelligence before relying on it.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/16");
# "local" check: the verdict comes from Java installs already recorded in the
# knowledge base under SMB/Java/JRE/, not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
script_set_attribute(attribute:"in_the_news", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
# Requires the SMB/Java/JRE/Installed key (presumably set by the dependency
# sun_java_jre_installed.nasl). NOTE(review): if that enumeration did not
# succeed on a host, this check has nothing to evaluate, so the absence of a
# finding does not show that Java is patched there.
script_dependencies("sun_java_jre_installed.nasl");
script_require_keys("SMB/Java/JRE/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Walk every Java entry recorded in the knowledge base and collect the ones
# whose update level is below the April 2015 CPU fix for their release family.
installs = get_kb_list_or_exit("SMB/Java/JRE/*");

info = "";                # report text, one stanza per affected version
vuln = 0;                 # number of affected install paths
installed_versions = "";  # " & "-joined list of every version seen

foreach kb_key (list_uniq(keys(installs)))
{
  # The version is whatever follows the KB prefix. Keys whose suffix does not
  # start with a digit or dot (e.g. SMB/Java/JRE/Installed) are skipped.
  jre_ver = kb_key - "SMB/Java/JRE/";
  if (jre_ver !~ "^[0-9.]+") continue;

  installed_versions += " & " + jre_ver;

  # Fixed builds: 8 Update 45 / 7 Update 79 / 6 Update 95 / 5 Update 85.
  # Each pattern accepts a one- or two-digit update number below the fix; the
  # trailing ([^0-9]|$) keeps a longer update number from matching on its
  # first digits.
  # NOTE(review): every pattern requires an "_<update>" suffix, so a version
  # string without one (e.g. a bare "1.8.0") matches nothing and is counted as
  # not affected. Confirm how the dependency plugin records such builds.
  affected = FALSE;
  if (jre_ver =~ '^1\\.5\\.0_([0-9]|[0-7][0-9]|8[0-4])([^0-9]|$)') affected = TRUE;
  else if (jre_ver =~ '^1\\.6\\.0_([0-9]|[0-8][0-9]|9[0-4])([^0-9]|$)') affected = TRUE;
  else if (jre_ver =~ '^1\\.7\\.0_([0-9]|[0-6][0-9]|7[0-8])([^0-9]|$)') affected = TRUE;
  else if (jre_ver =~ '^1\\.8\\.0_([0-9]|[0-3][0-9]|4[0-4])([^0-9]|$)') affected = TRUE;

  if (affected)
  {
    # One KB key can hold several install paths for the same version.
    jre_dirs = make_list(get_kb_list(kb_key));
    vuln += max_index(jre_dirs);

    foreach jre_dir (jre_dirs)
      info += '\n Path : ' + jre_dir;

    info +=
      '\n Installed version : ' + jre_ver +
      '\n Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45\n';
  }
}
# Raise a finding when at least one affected install was collected; otherwise
# leave an audit message naming the versions that were seen.
if (info)
{
  # Report against the SMB transport port from the KB, or 445 when it is unset.
  smb_port = get_kb_item("SMB/transport");
  if (!smb_port) smb_port = 445;

  if (report_verbosity > 0)
  {
    # Singular wording by default, plural when more than one path was counted.
    wording = " of Java is";
    if (vuln > 1) wording = "s of Java are";

    details =
      '\nThe following vulnerable instance' + wording + ' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:smb_port, extra:details);
  }
  else security_hole(smb_port);

  exit(0);
}
else
{
  # Strip the leading " & " separator left by the collection loop.
  installed_versions = substr(installed_versions, 3);

  # A remaining separator means several versions were listed, which takes the
  # plural message; a single version goes through the standard audit text.
  if (" & " >< installed_versions)
  {
    not_affected_msg = "The Java " + installed_versions + " installs on the remote host are not affected.";
    exit(0, not_affected_msg);
  }
  else
  {
    audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
  }
}
{"id": "ORACLE_JAVA_CPU_APR_2015.NASL", "bulletinFamily": "scanner", "title": "Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 45, 7 Update 79,\n6 Update 95, or 5 Update 85. It is, therefore, affected by security\nvulnerabilities in the following components :\n\n - 2D\n - Beans\n - Deployment\n - Hotspot\n - JavaFX\n - JCE\n - JSSE\n - Tools", "published": "2015-04-16T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/82820", "reporter": "This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?84f3023c", "https://www.smacktls.com/#freak", "http://www.nessus.org/u?7736cf95", "http://www.nessus.org/u?726f7054", "http://www.nessus.org/u?56618dc1", "http://www.nessus.org/u?abb7def2"], "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "type": "nessus", "lastseen": "2021-01-01T04:33:56", "edition": 26, "viewCount": 272, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DEBIAN_DLA-213.NASL", "REDHAT-RHSA-2015-0857.NASL", "REDHAT-RHSA-2015-0854.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150419.NASL", "OPENSUSE-2015-332.NASL", "DEBIAN_DSA-3235.NASL", "DEBIAN_DSA-3234.NASL", "REDHAT-RHSA-2015-0858.NASL", "OPENSUSE-2015-331.NASL", "ORACLE_JAVA_CPU_APR_2015_UNIX.NASL"]}, {"type": "kaspersky", "idList": ["KLA10551", "KLA10548"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703234", "OPENVAS:1361412562310850686", "OPENVAS:1361412562310108397", "OPENVAS:703234", "OPENVAS:703235", "OPENVAS:1361412562310703235", "OPENVAS:1361412562310842172", 
"OPENVAS:1361412562310805536", "OPENVAS:1361412562310850684", "OPENVAS:1361412562310850987"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0773-1", "SUSE-SU-2015:0833-1", "OPENSUSE-SU-2015:0774-1"]}, {"type": "f5", "idList": ["F5:K17125", "SOL17125", "SOL17136", "F5:K17136"]}, {"type": "redhat", "idList": ["RHSA-2015:0807", "RHSA-2015:0809", "RHSA-2015:0857", "RHSA-2015:0858", "RHSA-2015:0806", "RHSA-2015:0854"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3235-1:44FE6", "DEBIAN:DLA-213-1:9AD21", "DEBIAN:DSA-3234-1:1ADBC"]}, {"type": "ubuntu", "idList": ["USN-2574-1", "USN-2573-1"]}, {"type": "centos", "idList": ["CESA-2015:0809", "CESA-2015:0808", "CESA-2015:0806", "CESA-2015:0807"]}, {"type": "archlinux", "idList": ["ASA-201504-22", "ASA-201504-17", "ASA-201504-15", "ASA-201504-16", "ASA-201504-23", "ASA-201504-21"]}, {"type": "amazon", "idList": ["ALAS-2015-515", "ALAS-2015-517", "ALAS-2015-516"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0809", "ELSA-2015-0808", "ELSA-2015-0806", "ELSA-2015-0807"]}, {"type": "aix", "idList": ["JAVA_APRIL2015_ADVISORY.ASC"]}], "modified": "2021-01-01T04:33:56", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-01-01T04:33:56", "rev": 2}, "vulnersScore": 8.7}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82820);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2015-0204\",\n \"CVE-2015-0458\",\n \"CVE-2015-0459\",\n \"CVE-2015-0460\",\n \"CVE-2015-0469\",\n \"CVE-2015-0470\",\n \"CVE-2015-0477\",\n \"CVE-2015-0478\",\n \"CVE-2015-0480\",\n \"CVE-2015-0484\",\n \"CVE-2015-0486\",\n \"CVE-2015-0488\",\n \"CVE-2015-0491\",\n \"CVE-2015-0492\"\n );\n script_bugtraq_id(\n 71936,\n 74072,\n 74083,\n 74094,\n 74097,\n 74104,\n 74111,\n 74119,\n 74129,\n 74135,\n 74141,\n 74145,\n 74147,\n 74149\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) 
(FREAK)\");\n script_summary(english:\"Checks the version of the JRE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 45, 7 Update 79,\n6 Update 95, or 5 Update 85. It is, therefore, affected by security\nvulnerabilities in the following components :\n\n - 2D\n - Beans\n - Deployment\n - Hotspot\n - JavaFX\n - JCE\n - JSSE\n - Tools\");\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56618dc1\");\n # Java SE JDK and JRE 8 Update 45\n # https://www.oracle.com/technetwork/java/javase/8u45-relnotes-2494160.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abb7def2\");\n # Java SE JDK and JRE 7 Update 79\n # https://www.oracle.com/technetwork/java/javase/7u79-relnotes-2494161.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7736cf95\");\n # Java SE JDK and JRE 6 Update 95\n # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726f7054\");\n #Java SE JDK and JRE 5.0 Update 85\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84f3023c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 45, 7 Update 79, 6 Update 95, or\n5 Update 85 or later. 
If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 5 Update 85 or later and 6 Update 95 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 45 / 7 Update 79 / 6 Update 95 / 5 Update 85\n if 
(\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-7][0-9]|8[0-4])([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-8][0-9]|9[0-4])([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-6][0-9]|7[0-8])([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-3][0-9]|4[0-4])([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "naslFamily": "Windows", "pluginID": "82820", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"nessus": [{"lastseen": "2021-01-01T04:33:57", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 45, 7 Update 79,\n6 Update 95, or 5 Update 85. It is, therefore, affected by security\nvulnerabilities in the following components :\n\n - 2D\n - Beans\n - Deployment\n - Hotspot\n - JavaFX\n - JCE\n - JSSE\n - Tools", "edition": 25, "published": "2015-04-16T00:00:00", "title": "Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_APR_2015_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/82821", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82821);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2015-0204\",\n \"CVE-2015-0458\",\n \"CVE-2015-0459\",\n \"CVE-2015-0460\",\n \"CVE-2015-0469\",\n \"CVE-2015-0470\",\n \"CVE-2015-0477\",\n \"CVE-2015-0478\",\n \"CVE-2015-0480\",\n \"CVE-2015-0484\",\n \"CVE-2015-0486\",\n \"CVE-2015-0488\",\n \"CVE-2015-0491\",\n \"CVE-2015-0492\"\n );\n script_bugtraq_id(\n 71936,\n 74072,\n 74083,\n 74094,\n 74097,\n 74104,\n 74111,\n 74119,\n 74129,\n 74135,\n 74141,\n 74145,\n 74147,\n 74149\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)\");\n script_summary(english:\"Checks the version of the JRE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a 
programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 45, 7 Update 79,\n6 Update 95, or 5 Update 85. It is, therefore, affected by security\nvulnerabilities in the following components :\n\n - 2D\n - Beans\n - Deployment\n - Hotspot\n - JavaFX\n - JCE\n - JSSE\n - Tools\");\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56618dc1\");\n # Java SE JDK and JRE 8 Update 45\n # https://www.oracle.com/technetwork/java/javase/8u45-relnotes-2494160.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abb7def2\");\n # Java SE JDK and JRE 7 Update 79\n # https://www.oracle.com/technetwork/java/javase/7u79-relnotes-2494161.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7736cf95\");\n # Java SE JDK and JRE 6 Update 95\n # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726f7054\");\n #Java SE JDK and JRE 5.0 Update 85\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84f3023c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 45, 7 Update 79, 6 Update 95, or\n5 Update 85 or later. 
If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 5 Update 85 or later and 6 Update 95 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-7][0-9]|8[0-4])([^0-9]|$)' ||\n ver =~ 
'^1\\\\.6\\\\.0_([0-9]|[0-8][0-9]|9[0-4])([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-6][0-9]|7[0-8])([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-3][0-9]|4[0-4])([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.5.0_85 / 1.6.0_95 / 1.7.0_79 / 1.8.0_45\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:24", "description": "OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0458: Deployment: unauthenticated remote\n attackers could execute arbitrary code via multiple\n protocols.\n\n - CVE-2015-0459: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0460: Hotspot: unauthenticated remote attackers\n could execute arbitrary code 
via multiple protocols.\n\n - CVE-2015-0469: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0470: Hotspot: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0477: Beans: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0478: JCE: unauthenticated remote attackers\n could read some JAVA accessible data via multiple\n protocols\n\n - CVE-2015-0480: Tools: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols and cause a partial denial of\n service (partial DOS)\n\n - CVE-2015-0484: JavaFX: unauthenticated remote attackers\n could read, update, insert or delete access some Java\n accessible data via multiple protocols and cause a\n partial denial of service (partial DOS).\n\n - CVE-2015-0486: Deployment: unauthenticated remote\n attackers could read some JAVA accessible data via\n multiple protocols\n\n - CVE-2015-0488: JSSE: unauthenticated remote attackers\n could cause a partial denial of service (partial DOS).\n\n - CVE-2015-0491: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0492: JavaFX: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.", "edition": 16, "published": "2015-04-28T00:00:00", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2015-04-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", 
"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource"], "id": "OPENSUSE-2015-332.NASL", "href": "https://www.tenable.com/plugins/nessus/83107", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-332.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83107);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0486\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)\");\n script_summary(english:\"Check for the openSUSE-2015-332 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0458: Deployment: unauthenticated remote\n attackers could execute arbitrary code via multiple\n protocols.\n\n 
- CVE-2015-0459: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0460: Hotspot: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0469: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0470: Hotspot: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0477: Beans: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0478: JCE: unauthenticated remote attackers\n could read some JAVA accessible data via multiple\n protocols\n\n - CVE-2015-0480: Tools: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols and cause a partial denial of\n service (partial DOS)\n\n - CVE-2015-0484: JavaFX: unauthenticated remote attackers\n could read, update, insert or delete access some Java\n accessible data via multiple protocols and cause a\n partial denial of service (partial DOS).\n\n - CVE-2015-0486: Deployment: unauthenticated remote\n attackers could read some JAVA accessible data via\n multiple protocols\n\n - CVE-2015-0488: JSSE: unauthenticated remote attackers\n could cause a partial denial of service (partial DOS).\n\n - CVE-2015-0491: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0492: JavaFX: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927591\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.45-9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-src-1.8.0.45-9.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:18:42", "description": "OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security\nissues and bugs.\n\nThe following vulnerabilities have been fixed :\n\n - Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n (CVE-2015-0458)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0459)\n\n - Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0460)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0469)\n\n - Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple\n protocols. (CVE-2015-0477)\n\n - JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols.\n (CVE-2015-0478)\n\n - Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple\n protocols and cause a partial denial of service (partial\n DOS). (CVE-2015-0480)\n\n - JavaFX: unauthenticated remote attackers could read,\n update, insert or delete some Java accessible\n data via multiple protocols and cause a partial denial\n of service (partial DOS). (CVE-2015-0484)\n\n - JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS). (CVE-2015-0488)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0491)\n\n - JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. 
(CVE-2015-0492)", "edition": 23, "published": "2015-05-08T00:00:00", "title": "SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-05-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk"], "id": "SUSE_11_JAVA-1_7_0-OPENJDK-150419.NASL", "href": "https://www.tenable.com/plugins/nessus/83287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83287);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n\n script_name(english:\"SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security\nissues and bugs.\n\nThe following vulnerabilities have been fixed :\n\n - 
Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n (CVE-2015-0458)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0459)\n\n - Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0460)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0469)\n\n - Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple\n protocols. (CVE-2015-0477)\n\n - JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols.\n (CVE-2015-0478)\n\n - Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple\n protocols and cause a partial denial of service (partial\n DOS). (CVE-2015-0480)\n\n - JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible\n data via multiple protocols and cause a partial denial\n of service (partial DOS). (CVE-2015-0484)\n\n - JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS). (CVE-2015-0488)\n\n - 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. (CVE-2015-0491)\n\n - JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols. 
(CVE-2015-0492)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=927591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0460.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0477.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0484.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0488.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0491.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0492.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10621.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-1.7.0.75-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-demo-1.7.0.75-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-openjdk-devel-1.7.0.75-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.75-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", 
reference:\"java-1_7_0-openjdk-demo-1.7.0.75-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-devel-1.7.0.75-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:24", "description": "OpenJDK was updated to 2.5.5 - OpenJDK 7u79 to fix security issues and\nbugs :\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0458: Deployment: unauthenticated remote\n attackers could execute arbitrary code via multiple\n protocols.\n\n - CVE-2015-0459: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0460: Hotspot: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0469: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0477: Beans: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0478: JCE: unauthenticated remote attackers\n could read some JAVA accessible data via multiple\n protocols\n\n - CVE-2015-0480: Tools: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols and cause a partial denial of\n service (partial DOS)\n\n - CVE-2015-0484: JavaFX: unauthenticated remote attackers\n could read, update, insert or delete some Java\n accessible data via multiple protocols and cause a\n partial denial of service (partial DOS).\n\n - CVE-2015-0488: JSSE: unauthenticated remote attackers\n could cause a partial denial of service (partial DOS).\n\n - CVE-2015-0491: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - 
CVE-2015-0492: JavaFX: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.", "edition": 16, "published": "2015-04-28T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2015-04-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo"], "id": "OPENSUSE-2015-331.NASL", "href": "https://www.tenable.com/plugins/nessus/83106", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-331.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83106);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0488\", \"CVE-2015-0491\", 
\"CVE-2015-0492\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)\");\n script_summary(english:\"Check for the openSUSE-2015-331 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and\nbugs :\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-0458: Deployment: unauthenticated remote\n attackers could execute arbitrary code via multiple\n protocols.\n\n - CVE-2015-0459: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0460: Hotspot: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0469: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0477: Beans: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols\n\n - CVE-2015-0478: JCE: unauthenticated remote attackers\n could read some JAVA accessible data via multiple\n protocols\n\n - CVE-2015-0480: Tools: unauthenticated remote attackers\n could update, insert or delete some JAVA accessible data\n via multiple protocols and cause a partial denial of\n service (partial DOS)\n\n - CVE-2015-0484: JavaFX: unauthenticated remote attackers\n could read, update, insert or delete access some Java\n accessible data via multiple protocols and cause a\n partial denial of service (partial DOS).\n\n - CVE-2015-0488: JSSE: unauthenticated remote attackers\n could cause a partial denial of service (partial DOS).\n\n - CVE-2015-0491: 2D: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\n\n - CVE-2015-0492: JavaFX: unauthenticated remote attackers\n could execute arbitrary code via multiple protocols.\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927591\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.79-7.4\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.79-7.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-src-1.7.0.79-7.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:26", "description": "Updated java-1.8.0-oracle packages that fix several security issues\nare now available for Oracle Java for Red Hat Enterprise Linux 6 and\n7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478,\nCVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488,\nCVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 8 Update 45 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.", "edition": 26, "published": "2015-04-20T00:00:00", "title": "RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0854.NASL", "href": "https://www.tenable.com/plugins/nessus/82897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0854. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82897);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0486\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n script_bugtraq_id(13083, 74072, 74083, 74094, 74097, 74104, 74111, 74119, 74129, 74135, 74141, 74145, 74147, 74149);\n script_xref(name:\"RHSA\", value:\"2015:0854\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2015:0854)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.8.0-oracle packages that fix several security issues\nare now available for Oracle Java for Red Hat Enterprise Linux 6 and\n7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478,\nCVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488,\nCVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 8 Update 45 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef68d9ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0478\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0492\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0854\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.45-1jpp.2.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-oracle / java-1.8.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:26", "description": "Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Oracle Java for Red Hat Enterprise Linux 5, 6,\nand 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 79 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.", "edition": 26, "published": "2015-04-21T00:00:00", "title": "RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "cpe:/o:redhat:enterprise_linux:6", 
"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin"], "id": "REDHAT-RHSA-2015-0857.NASL", "href": "https://www.tenable.com/plugins/nessus/82909", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0857. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82909);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n script_bugtraq_id(13083, 74072, 74083, 74094, 74097, 74104, 74111, 74119, 74129, 74135, 74141, 74147);\n script_xref(name:\"RHSA\", value:\"2015:0857\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0857)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Oracle Java for Red Hat Enterprise Linux 5, 6,\nand 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 79 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef68d9ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2015-0484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0492\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0857\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"java-1.7.0-oracle-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.79-1jpp.1.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:26", "description": "Updated java-1.6.0-sun packages that fix several security issues are\nnow available for Oracle Java for Red Hat Enterprise Linux 5, 6, and\n7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0488, CVE-2015-0491)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 95 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.", "edition": 26, "published": "2015-04-21T00:00:00", "title": "RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin"], "id": "REDHAT-RHSA-2015-0858.NASL", "href": "https://www.tenable.com/plugins/nessus/82910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0858. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82910);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2005-1080\", \"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\", \"CVE-2015-0491\");\n script_bugtraq_id(13083, 74072, 74083, 74094, 74097, 74104, 74111, 74119, 74141, 74147);\n script_xref(name:\"RHSA\", value:\"2015:0858\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0858)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that fix several security issues are\nnow available for Oracle Java for Red Hat Enterprise Linux 5, 6, and\n7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460,\nCVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480,\nCVE-2015-0488, CVE-2015-0491)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 95 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef68d9ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2015-0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0491\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0858\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.95-1jpp.3.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
cpu:\"i686\", reference:\"java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.95-1jpp.3.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.95-1jpp.3.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:42:11", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\n\nFor Debian 6 'Squeeze', these problems have been fixed in\nversion 6b35-1.13.7-1~deb6u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-05-01T00:00:00", "title": "Debian DLA-213-1 : openjdk-6 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-05-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-6-jdk", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:openjdk-6-jre-zero", "p-cpe:/a:debian:debian_linux:icedtea-6-jre-cacao", "p-cpe:/a:debian:debian_linux:openjdk-6-demo", "p-cpe:/a:debian:debian_linux:openjdk-6-doc", "p-cpe:/a:debian:debian_linux:openjdk-6-jre-lib", "p-cpe:/a:debian:debian_linux:openjdk-6-source", "p-cpe:/a:debian:debian_linux:openjdk-6-jre", "p-cpe:/a:debian:debian_linux:openjdk-6-jre-headless", "p-cpe:/a:debian:debian_linux:openjdk-6-dbg"], "id": "DEBIAN_DLA-213.NASL", "href": "https://www.tenable.com/plugins/nessus/83165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-213-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83165);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(74072, 74097, 74104, 74111, 74119, 74147, 74149);\n\n script_name(english:\"Debian DLA-213-1 : openjdk-6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\n\nFor Debian 6 'Squeeze', these problems have been fixed in\nversion 6b35-1.13.7-1~deb6u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openjdk-6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-dbg\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-demo\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-doc\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jdk\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-source\", reference:\"6b35-1.13.7-1~deb6u1\")) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:05", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "edition": 22, "published": "2015-04-27T00:00:00", "title": "Debian DSA-3235-1 : openjdk-7 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-7", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3235.NASL", "href": "https://www.tenable.com/plugins/nessus/83063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3235. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83063);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(74072, 74097, 74104, 74111, 74119, 74147, 74149);\n script_xref(name:\"DSA\", value:\"3235\");\n\n script_name(english:\"Debian DSA-3235-1 : openjdk-7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3235\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-7 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 7u79-2.5.5-1~deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be\navailable shortly after the final jessie release).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-cacao\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-dbg\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-demo\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-doc\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jdk\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-source\", reference:\"7u79-2.5.5-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:05", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "edition": 22, "published": "2015-04-27T00:00:00", "title": "Debian DSA-3234-1 : openjdk-6 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "modified": "2015-04-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-6", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3234.NASL", "href": "https://www.tenable.com/plugins/nessus/83062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3234. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83062);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_bugtraq_id(74072, 74097, 74104, 74111, 74119, 74147, 74149);\n script_xref(name:\"DSA\", value:\"3234\");\n\n script_name(english:\"Debian DSA-3234-1 : openjdk-6 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3234\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6b35-1.13.7-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-jamvm\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-dbg\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-demo\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-doc\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jdk\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-lib\", 
reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-source\", reference:\"6b35-1.13.7-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:55:09", "bulletinFamily": "info", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "description": "### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, availability and confidentiality. 
These vulnerabilities can be exploited remotely via unknown vectors related to 2D, Hotspot, JavaFX, Deployment, Tools, JSSE, Beans and JCE.\n\n### *Affected products*:\nOracle Java SE 5u81, 6u91, 7u76, 8u40 \nOracle JavaFX 2.2.76 \nOracle JRockit R28.3.5\n\n### *Solution*:\nUpdate to the latest version \n[Get Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2015-0204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>)4.3Warning \n[CVE-2015-0484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484>)6.8High \n[CVE-2015-0492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492>)9.3Critical \n[CVE-2015-0469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469>)10.0Critical \n[CVE-2015-0478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478>)4.3Warning \n[CVE-2015-0480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480>)5.8High \n[CVE-2015-0477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477>)4.3Warning \n[CVE-2015-0458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458>)7.6Critical \n[CVE-2015-0459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459>)10.0Critical \n[CVE-2015-0470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470>)4.3Warning \n[CVE-2015-0488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488>)5.0Critical \n[CVE-2015-0486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0486>)5.0Critical \n[CVE-2015-0491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491>)10.0Critical \n[CVE-2015-0460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460>)9.3Critical", 
"edition": 43, "modified": "2020-05-22T00:00:00", "published": "2015-04-14T00:00:00", "id": "KLA10548", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10548", "title": "\r KLA10548Multiple vulnerabilities in Oracle products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:43:41", "bulletinFamily": "info", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "description": "### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nUse-after-free, XSS and other unspecified vulnerabilities were found in Microsoft products. By exploiting these vulnerabilities malicious users can execute or inject arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Office document.\n\n### *Affected products*:\nMicrosoft Office 2007 Service Pack 3 \nMicrosoft Office 2010 x86, x64 Service Pack 2 \nMicrosoft Office 2013 x86, x64, RT Service Pack1 \nMicrosoft Word Viewer \nMicrosoft Office Compatibility Pack Service Pack 3 \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft SharePoint Server 2013 Service Pack 1 \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps 2013 Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS15-033](<https://technet.microsoft.com/en-us/library/security/ms15-033>) \n[CVE-2015-0204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0204>) \n[CVE-2015-0484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0484>) 
\n[CVE-2015-0492](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0492>) \n[CVE-2015-0469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0469>) \n[CVE-2015-0478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0478>) \n[CVE-2015-0480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0480>) \n[CVE-2015-0477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0477>) \n[CVE-2015-0458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0458>) \n[CVE-2015-0459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0459>) \n[CVE-2015-0470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0470>) \n[CVE-2015-0488](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0488>) \n[CVE-2015-0486](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0486>) \n[CVE-2015-0491](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0491>) \n[CVE-2015-0460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-0460>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2015-0204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>)4.3Warning \n[CVE-2015-0484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484>)6.8High \n[CVE-2015-0492](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492>)9.3Critical \n[CVE-2015-0469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469>)10.0Critical \n[CVE-2015-0478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478>)4.3Warning \n[CVE-2015-0480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480>)5.8High 
\n[CVE-2015-0477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477>)4.3Warning \n[CVE-2015-0458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458>)7.6Critical \n[CVE-2015-0459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459>)10.0Critical \n[CVE-2015-0470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470>)4.3Warning \n[CVE-2015-0488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488>)5.0Critical \n[CVE-2015-0486](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0486>)5.0Critical \n[CVE-2015-0491](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491>)10.0Critical \n[CVE-2015-0460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2965224](<http://support.microsoft.com/kb/2965224>) \n[2965284](<http://support.microsoft.com/kb/2965284>) \n[2553428](<http://support.microsoft.com/kb/2553428>) \n[2965236](<http://support.microsoft.com/kb/2965236>) \n[2965215](<http://support.microsoft.com/kb/2965215>) \n[2553164](<http://support.microsoft.com/kb/2553164>) \n[2965238](<http://support.microsoft.com/kb/2965238>) \n[2965210](<http://support.microsoft.com/kb/2965210>) \n[2965289](<http://support.microsoft.com/kb/2965289>) \n[3051737](<http://support.microsoft.com/kb/3051737>) \n[2965306](<http://support.microsoft.com/kb/2965306>) \n[3055707](<http://support.microsoft.com/kb/3055707>)", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-04-14T00:00:00", "id": "KLA10551", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10551", "title": "\r KLA10551Code execution vulnerabilities in Microsoft Office ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:38:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", 
"CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310850684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850684", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2015:0773-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850684\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 10:39:26 +0200 (Fri, 18 Sep 2015)\");\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0486\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2015:0773-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_8_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via 
multiple protocols.\n\n * CVE-2015-0470: Hotspot: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n\n * CVE-2015-0486: Deployment: unauthenticated remote attackers could read\n some JAVA accessible data via multiple protocols\n\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\");\n\n script_tag(name:\"affected\", value:\"java-1_8_0-openjdk on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0773-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk\", rpm:\"java-1_8_0-openjdk~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-accessibility\", rpm:\"java-1_8_0-openjdk-accessibility~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debuginfo\", rpm:\"java-1_8_0-openjdk-debuginfo~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-debugsource\", rpm:\"java-1_8_0-openjdk-debugsource~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo\", rpm:\"java-1_8_0-openjdk-demo~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-demo-debuginfo\", rpm:\"java-1_8_0-openjdk-demo-debuginfo~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-devel\", rpm:\"java-1_8_0-openjdk-devel~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless\", rpm:\"java-1_8_0-openjdk-headless~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-headless-debuginfo\", rpm:\"java-1_8_0-openjdk-headless-debuginfo~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-src\", rpm:\"java-1_8_0-openjdk-src~1.8.0.45~9.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_8_0-openjdk-javadoc\", rpm:\"java-1_8_0-openjdk-javadoc~1.8.0.45~9.3\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310850686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850686", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:0774-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850686\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 10:41:38 +0200 (Fri, 18 Sep 2015)\");\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:0774-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and\n bugs:\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * 
CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0774-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"java-1_7_0-openjdk-accessibility\", rpm:\"java-1_7_0-openjdk-accessibility~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless\", rpm:\"java-1_7_0-openjdk-headless~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-headless-debuginfo\", rpm:\"java-1_7_0-openjdk-headless-debuginfo~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.79~7.4\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850987", "type": "openvas", "title": "SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2015:0833-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850987\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:14:19 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0458\", \"CVE-2015-0459\", \"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0477\", \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0484\", \"CVE-2015-0488\", \"CVE-2015-0491\", \"CVE-2015-0492\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for java-1_7_0-openjdk (SUSE-SU-2015:0833-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues\n and bugs.\n\n The following vulnerabilities have been fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple 
protocols.\n\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n and cause a partial denial of service (partial DOS)\n\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via\n multiple protocols and cause a partial denial of service (partial\n DOS).\n\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0833-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.75~0.9.1\", rls:\"SLED11.0SP3\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.75~0.9.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.75~0.9.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-15T17:24:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "The host is installed with Oracle Java SE\n JRE and is prone to multiple unspecified vulnerabilities.", "modified": "2020-05-12T00:00:00", "published": "2015-04-21T00:00:00", "id": "OPENVAS:1361412562310805536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805536", "type": "openvas", "title": "Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805536\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2015-0491\", \"CVE-2015-0488\", \"CVE-2015-0480\", \"CVE-2015-0478\",\n \"CVE-2015-0477\", \"CVE-2015-0469\", \"CVE-2015-0460\", \"CVE-2015-0459\");\n script_bugtraq_id(74094, 74111, 74104, 74147, 74119, 74072, 74097, 74083);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-04-21 16:34:06 +0530 (Tue, 21 Apr 2015)\");\n script_name(\"Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n JRE and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the Java Cryptography Extension (JCE) subcomponent's RSA signature\n implementation.\n\n - An error in the JSSE subcomponent that is triggered when checking X.509\n certificate options.\n\n - An error in the 'ReferenceProcessor::process_discovered_references' function\n in share/vm/memory/referenceProcessor.cpp script.\n\n - Two unspecified errors related to the 2D subcomponent.\n\n - An error in the Beans subcomponent related to permissions and resource\n loading.\n\n - An off-by-one overflow condition in the 
functions\n 'LigatureSubstitutionProcessor::processStateEntry' and\n 'LigatureSubstitutionProcessor2::processStateEntry' within LigatureSubstProc.cpp\n and LigatureSubstProc2.cpp scripts respectively.\n\n - An unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to gain knowledge of potentially sensitive information, conduct\n denial-of-service attacks, execute arbitrary code and other unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 5.0 update 81 and prior,\n 6 update 91 and prior, 7 update 76 and prior, and 8 update 40 and prior on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[5-8]\") {\n if(version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.40\")||\n version_in_range(version:vers, test_version:\"1.7.0\", test_version2:\"1.7.0.76\")||\n version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.91\")||\n version_in_range(version:vers, test_version:\"1.5.0\", test_version2:\"1.5.0.81\")) {\n report = 'Installed version: ' + vers + '\\n' +\n 'Fixed version: ' + 
\"Apply the patch\" + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-15T17:26:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "The host is installed with Oracle Java SE\n JRE and is prone to multiple unspecified vulnerabilities.", "modified": "2020-05-12T00:00:00", "published": "2015-04-21T00:00:00", "id": "OPENVAS:1361412562310108397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108397", "type": "openvas", "title": "Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108397\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2015-0491\", \"CVE-2015-0488\", \"CVE-2015-0480\", \"CVE-2015-0478\",\n \"CVE-2015-0477\", \"CVE-2015-0469\", \"CVE-2015-0460\", \"CVE-2015-0459\");\n script_bugtraq_id(74094, 74111, 74104, 74147, 74119, 74072, 74097, 74083);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-04-21 16:34:06 +0530 (Tue, 21 Apr 2015)\");\n script_name(\"Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Apr 2015 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle Java SE\n JRE and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the Java Cryptography Extension (JCE) subcomponent's RSA signature\n implementation.\n\n - An error in the JSSE subcomponent that is triggered when checking X.509\n certificate options.\n\n - An error in the 'ReferenceProcessor::process_discovered_references' function\n in share/vm/memory/referenceProcessor.cpp script.\n\n - Two unspecified errors related to the 2D subcomponent.\n\n - An error in the Beans subcomponent related to permissions and resource\n loading.\n\n - An off-by-one overflow condition in the 
functions\n 'LigatureSubstitutionProcessor::processStateEntry' and\n 'LigatureSubstitutionProcessor2::processStateEntry' within LigatureSubstProc.cpp\n and LigatureSubstProc2.cpp scripts respectively.\n\n - An unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to gain knowledge of potentially sensitive information, conduct\n denial-of-service attacks, execute arbitrary code and other unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 5.0 update 81 and prior,\n 6 update 91 and prior, 7 update 76 and prior, and 8 update 40 and prior on\n Linux.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[5-8]\") {\n if(version_in_range(version:vers, test_version:\"1.8.0\", test_version2:\"1.8.0.40\")||\n version_in_range(version:vers, test_version:\"1.7.0\", test_version2:\"1.7.0.76\")||\n version_in_range(version:vers, test_version:\"1.6.0\", test_version2:\"1.6.0.91\")||\n version_in_range(version:vers, test_version:\"1.5.0\", test_version2:\"1.5.0.81\")) {\n report = 'Installed version: ' + vers + '\\n' +\n 'Fixed version: ' + 
\"Apply the patch\" + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "modified": "2017-07-07T00:00:00", "published": "2015-04-24T00:00:00", "id": "OPENVAS:703234", "href": "http://plugins.openvas.org/nasl.php?oid=703234", "type": "openvas", "title": "Debian Security Advisory DSA 3234-1 (openjdk-6 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3234.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3234-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703234);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_name(\"Debian Security Advisory DSA 3234-1 (openjdk-6 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-24 00:00:00 +0200 (Fri, 24 Apr 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3234.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openjdk-6 on Debian Linux\");\n script_tag(name: \"insight\", value: \"OpenJDK is a development environment\nfor building applications, applets, and components using the Java programming\nlanguage.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 6b35-1.13.7-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in 
OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"openjdk-6-jre:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b35-1.13.7-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:52:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "modified": "2017-07-07T00:00:00", "published": "2015-04-24T00:00:00", "id": "OPENVAS:703235", "href": "http://plugins.openvas.org/nasl.php?oid=703235", "type": "openvas", "title": "Debian Security Advisory DSA 3235-1 (openjdk-7 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3235.nasl 6609 2017-07-07 12:05:59Z 
cfischer $\n# Auto-generated from advisory DSA 3235-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703235);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_name(\"Debian Security Advisory DSA 3235-1 (openjdk-7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-24 00:00:00 +0200 (Fri, 24 Apr 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3235.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright 
(c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openjdk-7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"OpenJDK is a development environment\nfor building applications, applets, and components using the Java programming\nlanguage.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 7u79-2.5.5-1~deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available\nshortly after the final jessie release).\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.5-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", 
ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-dbg:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-1~deb7u1\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "modified": "2019-03-18T00:00:00", "published": "2015-04-24T00:00:00", "id": "OPENVAS:1361412562310703234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703234", "type": "openvas", "title": "Debian Security Advisory DSA 3234-1 (openjdk-6 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3234.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3234-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703234\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_name(\"Debian Security Advisory DSA 3234-1 (openjdk-6 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-24 00:00:00 +0200 (Fri, 24 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3234.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 6b35-1.13.7-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, 
information\ndisclosure or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-dbg:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jdk:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"openjdk-6-jre-headless:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:amd64\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero:i386\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b35-1.13.7-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "modified": "2019-03-18T00:00:00", "published": "2015-04-24T00:00:00", "id": "OPENVAS:1361412562310703235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703235", "type": "openvas", "title": "Debian Security Advisory DSA 3235-1 (openjdk-7 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3235.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3235-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703235\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0470\", \"CVE-2015-0477\",\n \"CVE-2015-0478\", \"CVE-2015-0480\", \"CVE-2015-0488\");\n script_name(\"Debian Security Advisory DSA 3235-1 (openjdk-7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-24 00:00:00 +0200 (Fri, 24 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3235.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Debian Linux\");\n script_tag(name:\"solution\", 
value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 7u79-2.5.5-1~deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available\nshortly after the final jessie release).\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.5-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in OpenJDK, an implementation of the Oracle Java platform, resulting\nin the execution of arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-dbg:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-dbg:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-04-22T00:00:00", "id": "OPENVAS:1361412562310842172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842172", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-2574-1", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openjdk-7 USN-2574-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842172\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-22 07:23:01 +0200 (Wed, 22 Apr 2015)\");\n script_cve_id(\"CVE-2015-0460\", \"CVE-2015-0469\", \"CVE-2015-0480\", \"CVE-2015-0478\",\n \"CVE-2015-0477\", \"CVE-2015-0488\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openjdk-7 USN-2574-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered\nin the OpenJDK JRE related to information disclosure, data integrity and\navailability. An attacker could exploit these to cause a denial of service\nor expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to\ndirectory traversal issues with respect to handling jar files. An\nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE\ncomponent in OpenJDK JRE did not follow recommended practices for\nimplementing RSA signatures. An attacker could use this to expose\nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this to expose sensitive data over\nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial\nof service. 
(CVE-2015-0488)\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2574-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2574-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", 
ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-0ubuntu0.14.10.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-demo\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"openjdk-7-doc\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jdk:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:amd64\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero:i386\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-source\", ver:\"7u79-2.5.5-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:24:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "description": "OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0470: Hotspot: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete access some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n * CVE-2015-0486: Deployment: unauthenticated remote attackers could read\n some JAVA accessible data via multiple protocols\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial 
DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n", "edition": 1, "modified": "2015-04-27T13:05:39", "published": "2015-04-27T13:05:39", "id": "OPENSUSE-SU-2015:0773-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "OpenJDK was updated to version 2.5.5 - OpenJDK 7u79 to fix security issues\n and bugs.\n\n The following vulnerabilities have been fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n and cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote 
attackers could read,\n update, insert or delete access some Java accessible data via\n multiple protocols and cause a partial denial of service (partial\n DOS).\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n\n Security Issues:\n\n * CVE-2015-0458\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0458</a>>\n * CVE-2015-0459\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0459</a>>\n * CVE-2015-0460\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460</a>>\n * CVE-2015-0469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469</a>>\n * CVE-2015-0477\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477</a>>\n * CVE-2015-0478\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478</a>>\n * CVE-2015-0480\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480</a>>\n * CVE-2015-0484\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0484</a>>\n * CVE-2015-0488\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488</a>>\n * CVE-2015-0491\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0491</a>>\n * CVE-2015-0492\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0492</a>>\n\n", "edition": 1, "modified": "2015-05-07T21:04:54", "published": "2015-05-07T21:04:54", "id": "SUSE-SU-2015:0833-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0491"], "description": "OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and\n bugs:\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-0458: Deployment: unauthenticated remote attackers could\n execute arbitrary code via multiple protocols.\n * CVE-2015-0459: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0460: Hotspot: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0469: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0477: Beans: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols\n * CVE-2015-0478: JCE: unauthenticated remote attackers could read some\n JAVA accessible data via multiple protocols\n * 
CVE-2015-0480: Tools: unauthenticated remote attackers could update,\n insert or delete some JAVA accessible data via multiple protocols and\n cause a partial denial of service (partial DOS)\n * CVE-2015-0484: JavaFX: unauthenticated remote attackers could read,\n update, insert or delete some Java accessible data via multiple\n protocols and cause a partial denial of service (partial DOS).\n * CVE-2015-0488: JSSE: unauthenticated remote attackers could cause a\n partial denial of service (partial DOS).\n * CVE-2015-0491: 2D: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n * CVE-2015-0492: JavaFX: unauthenticated remote attackers could execute\n arbitrary code via multiple protocols.\n\n", "edition": 1, "modified": "2015-04-27T13:05:55", "published": "2015-04-27T13:05:55", "id": "OPENSUSE-SU-2015:0774-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html", "title": "Security update for java-1_7_0-openjdk (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2019-03-21T18:29:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 
11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. 
Security Advisory articles published before this date do not list a **Severity** value.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2015-08-13T02:14:00", "id": "F5:K17125", "href": "https://support.f5.com/csp/article/K17125", "title": "Multiple Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2015-0484", "CVE-2015-0492", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0470", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-0491"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2015-08-12T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17125.html", "id": "SOL17125", "title": "SOL17125 - Multiple Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-21T18:28:44", "bulletinFamily": "software", "cvelist": ["CVE-2015-0478", "CVE-2015-0488"], "description": "\nF5 Product Development has assigned IDs 519664 and 519668 (BIG-IP) and INSTALLER-1350 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| 
None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 3.3.2 - 4.4.0| None| Low| JDK \nBIG-IP Edge Clients for Android| None| 2.0.0 - 2.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Apple iOS| None| 2.0.0 - 2.0.4 \n1.0.5 - 1.0.6| Not vulnerable| None \nBIG-IP Edge Clients for Linux| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for MAC OS X| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients for Windows| None| 6035.x - 7110.x| Not vulnerable| None \nBIG-IP Edge Clients Windows Phone 8.1| None| 1.0.0.x| Not vulnerable| None \nBIG-IP Edge Portal for Android| None| 1.0.0 - 1.0.2| Not vulnerable| None \nBIG-IP Edge Portal for Apple iOS| None| 1.0.0 - 1.0.3| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the** Severity **value. Security Advisory articles published before this date do not list a **Severity **value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "edition": 1, "modified": "2017-04-06T16:51:00", "published": "2015-08-25T00:49:00", "id": "F5:K17136", "href": "https://support.f5.com/csp/article/K17136", "title": "Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:27", "bulletinFamily": "software", "cvelist": ["CVE-2015-0478", "CVE-2015-0488"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-07-25T00:00:00", "published": "2015-08-24T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17136.html", "id": "SOL17136", "title": "SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0470", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0484", "CVE-2015-0486", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-0492"], "description": "Oracle Java SE version 8 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,\nCVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484,\nCVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 8 Update 45 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "modified": "2018-06-07T18:20:30", "published": "2015-04-17T13:51:55", "id": "RHSA-2015:0854", "href": "https://access.redhat.com/errata/RHSA-2015:0854", "type": "redhat", "title": "(RHSA-2015:0854) Critical: java-1.8.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0484", "CVE-2015-0488", "CVE-2015-0491", "CVE-2015-0492"], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,\nCVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488,\nCVE-2015-0491, CVE-2015-0492)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 79 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "modified": "2018-06-07T18:20:33", "published": "2015-04-20T17:52:00", "id": "RHSA-2015:0857", "href": "https://access.redhat.com/errata/RHSA-2015:0857", "type": "redhat", "title": "(RHSA-2015:0857) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0458", "CVE-2015-0459", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488", "CVE-2015-0491"], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. 
Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,\nCVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 95 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "modified": "2018-06-07T18:20:32", "published": "2015-04-20T18:05:19", "id": "RHSA-2015:0858", "href": "https://access.redhat.com/errata/RHSA-2015:0858", "type": "redhat", "title": "(RHSA-2015:0858) Important: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0470", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. 
(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:37", "published": "2015-04-14T04:00:00", "id": "RHSA-2015:0809", "href": "https://access.redhat.com/errata/RHSA-2015:0809", "type": "redhat", "title": "(RHSA-2015:0809) Important: java-1.8.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. 
A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:28", "published": "2015-04-14T04:00:00", "id": "RHSA-2015:0808", "href": "https://access.redhat.com/errata/RHSA-2015:0808", "type": "redhat", "title": "(RHSA-2015:0808) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. 
A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:13", "published": "2015-04-14T04:00:00", "id": "RHSA-2015:0806", "href": "https://access.redhat.com/errata/RHSA-2015:0806", "type": "redhat", "title": "(RHSA-2015:0806) Critical: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1080", "CVE-2015-0460", "CVE-2015-0469", "CVE-2015-0477", "CVE-2015-0478", "CVE-2015-0480", "CVE-2015-0488"], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. 
An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T11:51:48", "published": "2015-04-14T04:00:00", "id": "RHSA-2015:0807", "href": "https://access.redhat.com/errata/RHSA-2015:0807", "type": "redhat", "title": "(RHSA-2015:0807) Important: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:28:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "Package : openjdk-6\nVersion : 6b35-1.13.7-1~deb6u1\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\n\nFor Debian 6 \u201cSqueeze\u201d, these problems have been fixed in version\n6b35-1.13.7-1~deb6u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 7, "modified": "2015-04-30T13:41:18", "published": "2015-04-30T13:41:18", "id": "DEBIAN:DLA-213-1:9AD21", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00027.html", "title": "[SECURITY] [DLA 213-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:47:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-3235-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7u79-2.5.5-1~deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available\nshortly after the final jessie release).\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.5-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2015-04-24T18:41:40", "published": "2015-04-24T18:41:40", "id": "DEBIAN:DSA-3235-1:44FE6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00123.html", "title": "[SECURITY] [DSA 3235-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-3234-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nCVE ID : CVE-2015-0460 CVE-2015-0469 CVE-2015-0470 CVE-2015-0477 \n CVE-2015-0478 CVE-2015-0480 CVE-2015-0488\n\nSeveral vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b35-1.13.7-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-04-24T18:40:07", "published": "2015-04-24T18:40:07", "id": "DEBIAN:DSA-3234-1:1ADBC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00122.html", "title": "[SECURITY] [DSA 3234-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker \ncould exploit these to cause a denial of service or expose sensitive \ndata over the network. 
(CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to \ndirectory traversal issues with respect to handling jar files. An \nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE \ncomponent in OpenJDK JRE did not follow recommended practices for \nimplementing RSA signatures. An attacker could use this to expose \nsensitive data. (CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data \nintegrity. An attacker could exploit this to expose sensitive data over \nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to \navailability. An attacker could exploit this to cause a denial \nof service. (CVE-2015-0488)", "edition": 5, "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "USN-2574-1", "href": "https://ubuntu.com/security/notices/USN-2574-1", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:28", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker \ncould exploit these to cause a denial of service or expose sensitive \ndata over the network. (CVE-2015-0460, CVE-2015-0469)\n\nAlexander Cherepanov discovered that OpenJDK JRE was vulnerable to \ndirectory traversal issues with respect to handling jar files. An \nattacker could use this to expose sensitive data. (CVE-2015-0480)\n\nFlorian Weimer discovered that the RSA implementation in the JCE \ncomponent in OpenJDK JRE did not follow recommended practices for \nimplementing RSA signatures. An attacker could use this to expose \nsensitive data. 
(CVE-2015-0478)\n\nA vulnerability was discovered in the OpenJDK JRE related to data \nintegrity. An attacker could exploit this to expose sensitive data over \nthe network. (CVE-2015-0477)\n\nA vulnerability was discovered in the OpenJDK JRE related to \navailability. An attacker could exploit these to cause a denial \nof service. (CVE-2015-0488)", "edition": 5, "modified": "2015-04-21T00:00:00", "published": "2015-04-21T00:00:00", "id": "USN-2573-1", "href": "https://ubuntu.com/security/notices/USN-2573-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. 
([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nMultiple flaws were discovered in the Beans and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>), [CVE-2015-0470 __](<https://access.redhat.com/security/cve/CVE-2015-0470>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. ([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>)) \n\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.i686 \n java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.45-30.b13.5.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-devel-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-demo-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.45-30.b13.5.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.45-30.b13.5.amzn1.x86_64 
\n java-1.8.0-openjdk-headless-1.8.0.45-30.b13.5.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-05-05T15:44:00", "published": "2015-05-05T15:44:00", "id": "ALAS-2015-517", "href": "https://alas.aws.amazon.com/ALAS-2015-517.html", "title": "Important: java-1.8.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:34:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. ([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. 
A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. ([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.35-1.13.7.1.70.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-04-23T00:44:00", "published": "2015-04-23T00:44:00", "id": "ALAS-2015-515", "href": "https://alas.aws.amazon.com/ALAS-2015-515.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", 
"CVE-2015-0480"], "description": "**Issue Overview:**\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. ([CVE-2015-0469 __](<https://access.redhat.com/security/cve/CVE-2015-0469>))\n\nA flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2015-0460 __](<https://access.redhat.com/security/cve/CVE-2015-0460>))\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. ([CVE-2015-0488 __](<https://access.redhat.com/security/cve/CVE-2015-0488>))\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2015-0477 __](<https://access.redhat.com/security/cve/CVE-2015-0477>))\n\nA directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. ([CVE-2005-1080 __](<https://access.redhat.com/security/cve/CVE-2005-1080>), [CVE-2015-0480 __](<https://access.redhat.com/security/cve/CVE-2015-0480>))\n\nIt was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. 
([CVE-2015-0478 __](<https://access.redhat.com/security/cve/CVE-2015-0478>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.79-2.5.5.1.59.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-demo-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.1.59.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-04-23T00:44:00", "published": "2015-04-23T00:44:00", "id": "ALAS-2015-516", "href": "https://alas.aws.amazon.com/ALAS-2015-516.html", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "[1:1.8.0.45-30.b13]\n- repacked sources\n- Resolves: RHBZ#1209076\n[1:1.8.0.45-7.b13]\n- Re-add %{name} prefix to patches to avoid conflicts with OpenJDK 7 versions.\n- Remove ppc64le test case now fix has been verified.\n- Resolves: rhbz#1194378\n[1:1.8.0.45-27.b13]\n- updated to security u45\n- minor sync with 7.2\n - generate_source_tarball.sh\n - adapted java-1.8.0-openjdk-s390-java-opts.patch and java-1.8.0-openjdk-size_t.patch\n - 
reworked (synced) zero patches (removed 103,11 added 204, 400-403)\n - family of 5XX patches renamed to 6XX\n - added upstreamed patch 501 and 505\n - included removeSunEcProvider-RH1154143.patch\n- returned java (jre only) provides\n- repacked policies (source20)\n- removed duplicated NVR provides\n- added automated test for priority (length7)\n- Resolves: RHBZ#1209076", "edition": 4, "modified": "2015-04-15T00:00:00", "published": "2015-04-15T00:00:00", "id": "ELSA-2015-0809", "href": "http://linux.oracle.com/errata/ELSA-2015-0809.html", "title": "java-1.8.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "[1:1.7.0.75-2.5.5.1.0.1.el5_11]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Oracle Linux'\n[1:1.7.0.75-2.5.5.1]\n- Repacked sources\n- Resolves: rhbz#1209069\n[1:1.7.0.79-2.5.5.0]\n- Bump to 2.5.5 using OpenJDK 7u79 b14.\n- Resolves: rhbz#1209069", "edition": 4, "modified": "2015-04-15T00:00:00", "published": "2015-04-15T00:00:00", "id": "ELSA-2015-0807", "href": "http://linux.oracle.com/errata/ELSA-2015-0807.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "[1:1.6.0.35-1.13.7.1]\n- Repackaged source files\n- Resolves: rhbz#1209067\n[1:1.6.0.35-1.13.7.0]\n- Update to IcedTea 1.13.7\n- Regenerate add-final-location-rpaths patch so as to be less disruptive.\n- Resolves: rhbz#1209067", "edition": 4, "modified": "2015-04-15T00:00:00", "published": "2015-04-15T00:00:00", "id": 
"ELSA-2015-0808", "href": "http://linux.oracle.com/errata/ELSA-2015-0808.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "[1:1.7.0.75-2.5.5.1.0.1.el7_1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.75-2.5.5.1]\n- repacked sources\n- Resolves: rhbz#1209072\n[1:1.7.0.75-2.5.5.0]\n- Bump to 2.5.5 using OpenJDK 7u79 b14.\n- Update OpenJDK tarball creation comments\n- Remove test case for RH1191652 now fix has been verified.\n- Drop AArch64 version of RH1191652 HotSpot patch as included upstream.\n- Resolves: rhbz#1209072", "edition": 4, "modified": "2015-04-15T00:00:00", "published": "2015-04-15T00:00:00", "id": "ELSA-2015-0806", "href": "http://linux.oracle.com/errata/ELSA-2015-0806.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. 
An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. 
A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-23", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html", "type": "archlinux", "title": "jre8-openjdk-headless: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. 
An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-21", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html", "type": "archlinux", "title": "jdk8-openjdk: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. 
An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0470 (sandbox restriction bypass)\n\nA flaw was discovered in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. 
A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html", "type": "archlinux", "title": "jre8-openjdk: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. 
An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html", "type": "archlinux", "title": "jre7-openjdk: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "- CVE-2005-1080 CVE-2015-0480 (directory traversal)\n\nA directory traversal flaw was found in the way the jar tool extracted\nJAR archive files. A specially crafted JAR archive could cause jar to\noverwrite arbitrary files writable by the user running jar when the\narchive was extracted.\n\n- CVE-2015-0460 (arbitrary code execution)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use\nthis flaw to corrupt the Java Virtual Machine memory and, possibly,\nexecute arbitrary code, bypassing Java sandbox restrictions.\n\n- CVE-2015-0469 (arbitrary code execution)\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. 
A specially crafted font\nfile could possibly cause the Java Virtual Machine to execute arbitrary\ncode, allowing an untrusted Java application or applet to bypass Java\nsandbox restrictions.\n\n- CVE-2015-0477 (sandbox restriction bypass)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass certain Java\nsandbox restrictions.\n\n- CVE-2015-0478 (weak implementation)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n\n- CVE-2015-0488 (denial of service)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-15", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html", "type": "archlinux", "title": "jdk7-openjdk: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:28:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0470", "CVE-2015-0480"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0809\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. 
(CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nMultiple flaws were discovered in the Beans and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\nbypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.8.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033105.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033108.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0809.html", "edition": 3, "modified": "2015-04-15T11:19:16", "published": "2015-04-15T11:10:56", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033105.html", "id": "CESA-2015:0809", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0806\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. 
(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033104.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033107.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0806.html", "edition": 3, "modified": "2015-04-15T11:16:47", "published": "2015-04-15T11:09:51", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033104.html", "id": "CESA-2015:0806", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-17T03:27:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0808\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. 
(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033103.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033106.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033111.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0808.html", "edition": 5, "modified": "2015-04-15T11:35:10", "published": "2015-04-15T11:08:38", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033103.html", "id": "CESA-2015:0808", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0477", "CVE-2015-0469", "CVE-2005-1080", "CVE-2015-0478", "CVE-2015-0460", "CVE-2015-0488", "CVE-2015-0480"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0807\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nAn off-by-one flaw, leading to a buffer overflow, was found in the font\nparsing code in the 2D component in OpenJDK. A specially crafted font file\ncould possibly cause the Java Virtual Machine to execute arbitrary code,\nallowing an untrusted Java application or applet to bypass Java sandbox\nrestrictions. (CVE-2015-0469)\n\nA flaw was found in the way the Hotspot component in OpenJDK handled\nphantom references. An untrusted Java application or applet could use this\nflaw to corrupt the Java Virtual Machine memory and, possibly, execute\narbitrary code, bypassing Java sandbox restrictions. 
(CVE-2015-0460)\n\nA flaw was found in the way the JSSE component in OpenJDK parsed X.509\ncertificate options. A specially crafted certificate could cause JSSE to\nraise an exception, possibly causing an application using JSSE to exit\nunexpectedly. (CVE-2015-0488)\n\nA flaw was discovered in the Beans component in OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2015-0477)\n\nA directory traversal flaw was found in the way the jar tool extracted JAR\narchive files. A specially crafted JAR archive could cause jar to overwrite\narbitrary files writable by the user running jar when the archive was\nextracted. (CVE-2005-1080, CVE-2015-0480)\n\nIt was found that the RSA implementation in the JCE component in OpenJDK\ndid not follow recommended practices for implementing RSA signatures.\n(CVE-2015-0478)\n\nThe CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033113.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0807.html", "edition": 3, "modified": "2015-04-15T11:47:27", "published": "2015-04-15T11:47:27", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033113.html", "id": "CESA-2015:0807", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "aix": [{"lastseen": "2019-05-29T19:19:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0138", "CVE-2015-0192", "CVE-2015-0477", "CVE-2015-0469", "CVE-2015-0458", "CVE-2015-1914", "CVE-2015-0459", "CVE-2015-2808", "CVE-2015-0478", "CVE-2015-0204", "CVE-2015-0488", "CVE-2015-0480", "CVE-2015-0486", "CVE-2015-1916", "CVE-2015-0491"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 3 12:58:42 CDT 2015 \n|Updated: Wed Jun 3 16:10:11 CDT 2015\n|Update: Corrected affected fileset levels \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc\n\n \nSecurity Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX\n CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480\n CVE-2015-0486 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808\n CVE-2015-1916 CVE-2015-1914 CVE-2015-0192 CVE-2015-0204\n\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in IBM SDK Java Technology 
Edition,\n Versions 5, 6, 7, 7.1 that are used by AIX. These issues were disclosed as\n part of the IBM Java SDK updates in April 2015.\n\n This bulletin also addresses the \"FREAK: Factoring Attack on RSA-EXPORT keys\"\n SSL/TLS vulnerability and the RC4 \"Bar Mitzvah Attack\" SSL/TLS vulnerability.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n\n CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition under\n CVE-2015-0138. Both CVEs are included in this advisory for completeness. \n\n CVEID: CVE-2015-0491\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102329 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0459\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102328 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0469\n DESCRIPTION: An unspecified vulnerability related to the 2D component has\n complete confidentiality impact, complete integrity impact, and\n complete availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102327 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0458\n DESCRIPTION: An unspecified vulnerability related to the Deployment\n component has complete confidentiality impact, complete integrity\n impact, and complete availability impact.\n CVSS Base Score: 7.6\n CVSS Temporal Score: See 
http://xforce.iss.net/xforce/xfdb/102332 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) \n\n CVEID: CVE-2015-0480\n DESCRIPTION: A directory traversal vulnerability related to the Tools\n component and the extraction of JAR archive files could allow a remote\n attacker to overwrite files on the system with privileges of another\n user.\n CVSS Base Score: 5.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102334 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P) \n\n CVEID: CVE-2015-0488\n DESCRIPTION: An unspecified vulnerability related to the JSSE component\n could allow a remote attacker to cause a denial of service.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102336 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n CVEID: CVE-2015-0478\n DESCRIPTION: An unspecified vulnerability related to the JCE component\n could allow a remote attacker to obtain sensitive information.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102339 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-0477\n DESCRIPTION: An unspecified vulnerability related to the Beans component\n has no confidentiality impact, partial integrity impact, and no\n availability impact.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102337 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n CVEID: CVE-2015-0204\n DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange\n function could allow a remote attacker to downgrade the security of\n certain TLS connections. An OpenSSL client accepts the use of an RSA\n temporary key in a non-export RSA key exchange ciphersuite. 
This\n could allow a remote attacker using man-in-the-middle techniques to\n facilitate brute-force decryption of TLS/SSL traffic between\n vulnerable clients and servers. This vulnerability is also known as\n the FREAK attack.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99707 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n CVEID: CVE-2015-0192\n DESCRIPTION: A vulnerability in the IBM implementation of the Java\n Virtual Machine may, under limited circumstances, allow untrusted\n code running under a security manager to elevate its privileges.\n CVSS Base Score: 6.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101008 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n CVEID: CVE-2015-0486\n DESCRIPTION: An unspecified vulnerability related to the Deployment\n component could allow a remote attacker to obtain sensitive\n information.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102335 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVEID: CVE-2015-2808\n DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL\n protocol, could allow a remote attacker to obtain sensitive\n information. An attacker could exploit this vulnerability to remotely\n expose account credentials without requiring an active\n man-in-the-middle session. 
Successful exploitation could allow an\n attacker to retrieve credit card data or other sensitive information.\n This vulnerability is commonly referred to as \"Bar Mitzvah Attack\".\n CVSS Base Score: 5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/101851\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-1916\n DESCRIPTION: Server applications which use the IBM Java Secure Socket\n Extension provider to accept SSL/TLS connections are vulnerable to a\n denial of service attack due to an unspecified vulnerability.\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101995 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n CVEID: CVE-2015-1914\n DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual\n Machine may allow untrusted code running under a security manager to\n bypass permission checks and view sensitive information.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/101908 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n CVEID: CVE-2015-0138\n DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could\n allow a remote attacker to downgrade the security of certain SSL/TLS\n connections. An IBM SSL/TLS client implementation could accept the use\n of an RSA temporary key in a non-export RSA key exchange ciphersuite.\n This could allow a remote attacker using man-in-the-middle techniques\n to facilitate brute-force decryption of TLS/SSL traffic between\n vulnerable clients and servers. 
This vulnerability is also known as the\n FREAK attack.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100691 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1\n VIOS 2.2.x\n\n The following fileset levels (VRMF) are vulnerable, if the \n respective Java version is installed:\n For Java5: Less than 5.0.0.600\n For Java6: Less than 6.0.0.480\n For Java7: Less than 7.0.0.205\n For Java7.1: Less than 7.1.0.85\n\n Note: to find out whether the affected Java filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i java\n\n\n REMEDIATION:\n \n IBM SDK, Java Technology Edition, Version 5.0 Service Refresh 16 \n Fix Pack 10 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=5.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=5.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix \n Pack 4 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 and\n subsequent releases:\n 32-bit: 
https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7.1 Service Refresh 3 and\n subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all \n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. 
Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2:\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n IBM Java SDK Security Bulletin: \n http://www-01.ibm.com/support/docview.wss?uid=swg21883640 \n\n\nACKNOWLEDGEMENTS:\n\n CVE-2015-1916 and CVE-2015-0138 were reported to IBM by Karthikeyan\n Bhargavan of the PROSECCO team at INRIA \n\n\nCHANGE HISTORY:\n\n First Issued: Wed Jun 3 12:58:42 CDT 2015 \n| Updated: Wed Jun 3 16:10:11 CDT 2015\n| Update: Corrected affected fileset levels\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n \n", "edition": 4, "modified": "2015-06-03T16:10:11", "published": "2015-06-03T12:58:42", "id": "JAVA_APRIL2015_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc", "title": "Multiple vulnerabilities in IBM Java SDK affect AIX", "type": "aix", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}