Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2024 Tenable Network Security, Inc.ORACLE_JAVA_CPU_OCT_2014_UNIX.NASL
HistoryOct 15, 2014 - 12:00 a.m.

Oracle Java SE Multiple Vulnerabilities (October 2014 CPU) (Unix)

2014-10-1500:00:00
This script is Copyright (C) 2014-2024 Tenable Network Security, Inc.
www.tenable.com
29

5.1 Medium

AI Score

Confidence

Low

JSON

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 25, 7 Update 71, 6 Update 85, or 5 Update 75. It is, therefore, affected by security issues in the following components :

  • 2D
  • AWT
  • Deployment
  • Hotspot
  • JAXP
  • JSSE
  • JavaFX
  • Libraries
  • Security
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78482);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id(
    "CVE-2014-4288",
    "CVE-2014-6456",
    "CVE-2014-6457",
    "CVE-2014-6458",
    "CVE-2014-6466",
    "CVE-2014-6468",
    "CVE-2014-6476",
    "CVE-2014-6485",
    "CVE-2014-6492",
    "CVE-2014-6493",
    "CVE-2014-6502",
    "CVE-2014-6503",
    "CVE-2014-6504",
    "CVE-2014-6506",
    "CVE-2014-6511",
    "CVE-2014-6512",
    "CVE-2014-6513",
    "CVE-2014-6515",
    "CVE-2014-6517",
    "CVE-2014-6519",
    "CVE-2014-6527",
    "CVE-2014-6531",
    "CVE-2014-6532",
    "CVE-2014-6558",
    "CVE-2014-6562"
  );
  script_bugtraq_id(
    70456,
    70460,
    70468,
    70470,
    70484,
    70488,
    70507,
    70518,
    70519,
    70522,
    70523,
    70531,
    70533,
    70538,
    70544,
    70548,
    70552,
    70556,
    70560,
    70564,
    70565,
    70567,
    70569,
    70570,
    70572
  );

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2014 CPU) (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host contains a programming platform that is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 25, 7 Update 71, 6
Update 85, or 5 Update 75. It is, therefore, affected by security
issues in the following components :

  - 2D
  - AWT
  - Deployment
  - Hotspot
  - JAXP
  - JSSE
  - JavaFX
  - Libraries
  - Security");
  # https://www.oracle.com/technetwork/topics/security/alerts-086861.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b7fdf57");
  # https://www.oracle.com/technetwork/java/javase/8u25-relnotes-2296185.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?631ebd82");
  # https://www.oracle.com/technetwork/java/javase/7u71-relnotes-2296187.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd6e3a16");
  # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?726f7054");
  # https://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?84f3023c");
  script_set_attribute(attribute:"solution", value:
"Update to JDK / JRE 8 Update 25, 7 Update 71, 6 Update 85, or 5 Update
75 or later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 5 Update 75 or later or 6 Update 85 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-6456");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2024 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed.nasl", "sun_java_jre_installed_unix.nasl");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['Oracle Java'];

var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '5.0.0', 'fixed_version' : '5.0.75', 'fixed_display' : 'Upgrade to version 5.0.75 or greater' },
  { 'min_version' : '6.0.0', 'fixed_version' : '6.0.85', 'fixed_display' : 'Upgrade to version 6.0.85 or greater' },
  { 'min_version' : '7.0.0', 'fixed_version' : '7.0.71', 'fixed_display' : 'Upgrade to version 7.0.71 or greater' },
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.25', 'fixed_display' : 'Upgrade to version 8.0.25 or greater' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre
oraclejdkcpe:/a:oracle:jdk

References

Related

nessus 43
f5 2
ibm 32
kaspersky 1
redhat 12
suse 8
openvas 46
veracode 5
amazon 3
aix 1
oraclelinux 4
ubuntu 3
centos 4
debian 3
osv 3
mageia 1
securityvulns 1
ubuntucve 7
cve 7
prion 6
debiancve 6
gentoo 1
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (October 2014 CPU)
2014-10-15 00:00:00
SuSE 11.3 Security Update : Java OpenJDK (SAT Patch Number 9906)
2014-11-12 00:00:00
RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:1657)
2014-11-08 00:00:00
f5
f5
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
ibm
ibm
Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
2018-06-18 00:28:10
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2018-06-15 07:01:54
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affecting IBM Tivoli Monitoring clients
2018-06-17 14:55:49
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00
redhat
redhat
(RHSA-2014:1657) Critical: java-1.7.0-oracle security update
2014-10-16 22:51:08
(RHSA-2014:1658) Important: java-1.6.0-sun security update
2014-10-16 22:52:46
(RHSA-2014:1636) Important: java-1.8.0-openjdk security update
2014-10-14 00:00:00
suse
suse
Security update for IBM Java (important)
2014-12-02 19:04:43
Security update for IBM Java (important)
2014-11-28 19:05:41
Security update for java-1_7_1-ibm (important)
2014-12-03 17:04:45
openvas
openvas
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:1526-1)
2015-10-13 00:00:00
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2014:1549-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1549-1)
2021-04-19 00:00:00
veracode
veracode
Improper Access Control
2019-05-02 05:12:56
Improper Access Control
2019-05-02 05:12:57
Privilege Escalation
2019-05-02 05:12:51
amazon
amazon
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2014-10-22 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
centos
centos
java security update
2014-10-20 18:15:08
java security update
2014-10-15 11:42:17
java security update
2014-10-15 12:22:05
debian
debian
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:43:45
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:21
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:25:51
osv
osv
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-26 00:00:00
openjdk-6 - security update
2014-11-28 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09
securityvulns
securityvulns
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
2015-01-25 00:00:00
ubuntucve
ubuntucve
CVE-2014-6503
2014-10-15 00:00:00
CVE-2014-6493
2014-10-15 00:00:00
CVE-2014-4288
2014-10-15 00:00:00
cve
cve
CVE-2014-6493
2014-10-15 22:55:00
CVE-2014-4288
2014-10-15 15:55:00
CVE-2014-6532
2014-10-15 22:55:00
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00
debiancve
debiancve
CVE-2014-6532
2014-10-15 22:55:00
CVE-2014-4288
2014-10-15 15:55:00
CVE-2014-6493
2014-10-15 22:55:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00

5.1 Medium

AI Score

Confidence

Low

JSON
Related for ORACLE_JAVA_CPU_OCT_2014_UNIX.NASL
nessus43f52ibm32kaspersky1redhat12suse8openvas46veracode5amazon3aix1oraclelinux4ubuntu3centos4debian3osv3mageia1securityvulns1ubuntucve7cve7prion6debiancve6gentoo1