Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2024 Tenable Network Security, Inc.ORACLE_JAVA_CPU_JUN_2013_UNIX.NASL
HistoryJun 20, 2013 - 12:00 a.m.

Oracle Java SE Multiple Vulnerabilities (June 2013 CPU) (Unix)

2013-06-2000:00:00
This script is Copyright (C) 2013-2024 Tenable Network Security, Inc.
www.tenable.com
134

8.1 High

AI Score

Confidence

Low

JSON

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or equal to 7 Update 21, 6 Update 45 or 5 Update 45. It is, therefore, potentially affected by security issues in the following components :

  • 2D
  • AWT
  • CORBA
  • Deployment
  • Hotspot
  • Install
  • JDBC
  • JMX
  • Libraries
  • Networking
  • Serialization
  • Serviceability
  • Sound
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(66943);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id(
    "CVE-2013-1500",
    "CVE-2013-1571",
    "CVE-2013-2400",
    "CVE-2013-2407",
    "CVE-2013-2412",
    "CVE-2013-2437",
    "CVE-2013-2442",
    "CVE-2013-2443",
    "CVE-2013-2444",
    "CVE-2013-2445",
    "CVE-2013-2446",
    "CVE-2013-2447",
    "CVE-2013-2448",
    "CVE-2013-2449",
    "CVE-2013-2450",
    "CVE-2013-2451",
    "CVE-2013-2452",
    "CVE-2013-2453",
    "CVE-2013-2454",
    "CVE-2013-2455",
    "CVE-2013-2456",
    "CVE-2013-2457",
    "CVE-2013-2458",
    "CVE-2013-2459",
    "CVE-2013-2460",
    "CVE-2013-2461",
    "CVE-2013-2462",
    "CVE-2013-2463",
    "CVE-2013-2464",
    "CVE-2013-2465",
    "CVE-2013-2466",
    "CVE-2013-2467",
    "CVE-2013-2468",
    "CVE-2013-2469",
    "CVE-2013-2470",
    "CVE-2013-2471",
    "CVE-2013-2472",
    "CVE-2013-2473",
    "CVE-2013-3743",
    "CVE-2013-3744"
  );
  script_bugtraq_id(
    60617,
    60618,
    60619,
    60620,
    60621,
    60622,
    60623,
    60624,
    60625,
    60626,
    60627,
    60629,
    60630,
    60631,
    60632,
    60633,
    60634,
    60635,
    60636,
    60637,
    60638,
    60639,
    60640,
    60641,
    60643,
    60644,
    60645,
    60646,
    60647,
    60649,
    60650,
    60651,
    60652,
    60653,
    60654,
    60655,
    60656,
    60657,
    60658,
    60659
  );
  script_xref(name:"CERT", value:"225657");
  script_xref(name:"EDB-ID", value:"27754");
  script_xref(name:"EDB-ID", value:"27943");
  script_xref(name:"EDB-ID", value:"28050");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/18");

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (June 2013 CPU) (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host contains a programming platform that is
potentially affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is earlier than or equal to 7 Update 21,
6 Update 45 or 5 Update 45.  It is, therefore, potentially affected by
security issues in the following components :

  - 2D
  - AWT
  - CORBA
  - Deployment
  - Hotspot
  - Install
  - JDBC
  - JMX
  - Libraries
  - Networking
  - Serialization
  - Serviceability
  - Sound");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-132/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-151/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-152/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-153/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-154/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-155/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-156/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-157/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-158/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-159/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-160/");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Aug/211");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2013/Aug/276");
  # http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a094a6d7");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
  script_set_attribute(attribute:"solution", value:
"Update to JDK / JRE 5 Update 51, 6 Update 51, 7 Update 25 or later
and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 5 Update 51 or later or 6 Update 51 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2473");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2024 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed.nasl", "sun_java_jre_installed_unix.nasl");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['Oracle Java'];

var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '5.0.0', 'fixed_version' : '5.0.51', 'fixed_display' : 'Upgrade to version 5.0.51 or greater' },
  { 'min_version' : '6.0.0', 'fixed_version' : '6.0.51', 'fixed_display' : 'Upgrade to version 6.0.51 or greater' },
  { 'min_version' : '7.0.0', 'fixed_version' : '7.0.25', 'fixed_display' : 'Upgrade to version 7.0.25 or greater' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre
oraclejdkcpe:/a:oracle:jdk

References

Related

veracode 11
nessus 45
ibm 17
redhat 8
openvas 48
ubuntu 3
securityvulns 1
oraclelinux 3
mageia 2
centos 3
amazon 2
suse 13
debian 2
cvelist 9
cve 9
prion 10
attackerkb 1
ubuntucve 9
threatpost 1
thn 2
veracode
veracode
Privilege Escalation
2019-05-02 04:46:30
Memory Corruption
2019-05-02 04:46:31
Privilege Escalation
2019-05-02 04:46:31
nessus
nessus
Mac OS X : Java for OS X 2013-004
2013-06-19 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20130620)
2013-06-21 00:00:00
Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0958)
2013-07-12 00:00:00
ibm
ibm
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2022-09-25 21:06:56
Security Bulletin: WebSphere Application Server - IBM SDK for Java June 2013 CPU
2022-09-25 21:06:56
redhat
redhat
(RHSA-2013:0963) Critical: java-1.7.0-oracle security update
2013-06-20 00:00:00
(RHSA-2013:0958) Important: java-1.7.0-openjdk security update
2013-06-19 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
openvas
openvas
CentOS Update for java CESA-2013:0958 centos5
2013-06-24 00:00:00
RedHat Update for java-1.7.0-openjdk RHSA-2013:0957-01
2013-06-24 00:00:00
Oracle: Security Advisory (ELSA-2013-0958)
2015-10-06 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.6.0-openjdk security update
2013-07-03 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
centos
centos
java security update
2013-06-20 06:46:44
java security update
2013-06-20 06:43:01
java security update
2013-07-04 10:07:44
amazon
amazon
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2013-07-25 16:04:14
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
Security update for java-1_6_0-ibm (important)
2013-07-25 20:04:13
debian
debian
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:53:07
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:12:25
cvelist
cvelist
CVE-2013-2464
2013-06-18 22:00:00
CVE-2013-2468
2013-06-18 22:00:00
CVE-2013-2466
2013-06-18 22:00:00
cve
cve
CVE-2013-2464
2013-06-18 22:55:00
CVE-2013-2468
2013-06-18 22:55:00
CVE-2013-2466
2013-06-18 22:55:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
attackerkb
attackerkb
CVE-2013-2464
2013-06-18 00:00:00
ubuntucve
ubuntucve
CVE-2013-2464
2013-06-18 00:00:00
CVE-2013-2468
2013-06-18 00:00:00
CVE-2013-2442
2013-06-18 00:00:00
threatpost
threatpost
Many Flash, Java Users Running Older, Vulnerable Versions
2013-09-06 07:40:52
thn
thn
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 04:15:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 15:15:00

8.1 High

AI Score

Confidence

Low

JSON
Related for ORACLE_JAVA_CPU_JUN_2013_UNIX.NASL
veracode11nessus45ibm17redhat8openvas48ubuntu3securityvulns1oraclelinux3mageia2centos3amazon2suse13debian2cvelist9cve9prion10attackerkb1ubuntucve9threatpost1thn2