Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2024 Tenable Network Security, Inc.ORACLE_JAVA_CPU_OCT_2015_UNIX.NASL
HistoryOct 22, 2015 - 12:00 a.m.

Oracle Java SE Multiple Vulnerabilities (October 2015 CPU) (Unix)

2015-10-2200:00:00
This script is Copyright (C) 2015-2024 Tenable Network Security, Inc.
www.tenable.com
99

6.4 Medium

AI Score

Confidence

Low

JSON

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 65, 7 Update 91, or 6 Update 105. It is, therefore, affected by security vulnerabilities in the following components :

  • 2D
  • CORBA
  • Deployment
  • JavaFX
  • JAXP
  • JGSS
  • Libraries
  • RMI
  • Security
  • Serialization
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86543);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id(
    "CVE-2015-4734",
    "CVE-2015-4803",
    "CVE-2015-4805",
    "CVE-2015-4806",
    "CVE-2015-4810",
    "CVE-2015-4835",
    "CVE-2015-4840",
    "CVE-2015-4842",
    "CVE-2015-4843",
    "CVE-2015-4844",
    "CVE-2015-4860",
    "CVE-2015-4868",
    "CVE-2015-4871",
    "CVE-2015-4872",
    "CVE-2015-4881",
    "CVE-2015-4882",
    "CVE-2015-4883",
    "CVE-2015-4893",
    "CVE-2015-4901",
    "CVE-2015-4902",
    "CVE-2015-4903",
    "CVE-2015-4906",
    "CVE-2015-4908",
    "CVE-2015-4911",
    "CVE-2015-4916"
  );
  script_bugtraq_id(
    77126,
    77148,
    77159,
    77160,
    77162,
    77163,
    77164,
    77181,
    77192,
    77194,
    77200,
    77207,
    77209,
    77211,
    77214,
    77221,
    77223,
    77225,
    77226,
    77229,
    77238,
    77241,
    77242
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (October 2015 CPU) (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host contains a programming platform that is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 65, 7 Update 91, or
6 Update 105. It is, therefore, affected by security vulnerabilities
in the following components :

  - 2D
  - CORBA
  - Deployment
  - JavaFX
  - JAXP
  - JGSS
  - Libraries
  - RMI
  - Security
  - Serialization");
  # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e5158e8");
  # https://www.oracle.com/technetwork/java/javase/8u65-relnotes-2687063.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?31d5ce9a");
  # https://www.oracle.com/technetwork/java/javase/7u91-relnotes-2687180.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4da55863");
  # https://www.oracle.com/technetwork/java/javase/6u105-relnotes-2703317.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af476d66");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle JDK / JRE 8 Update 65, 7 Update 91, 6 Update 105,
or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 6 Update 95 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4883");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2024 Tenable Network Security, Inc.");

  script_dependencies("sun_java_jre_installed.nasl", "sun_java_jre_installed_unix.nasl");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['Oracle Java'];

var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '6.0.0', 'fixed_version' : '6.0.105', 'fixed_display' : 'Upgrade to version 6.0.105 or greater' },
  { 'min_version' : '7.0.0', 'fixed_version' : '7.0.91', 'fixed_display' : 'Upgrade to version 7.0.91 or greater' },
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.65', 'fixed_display' : 'Upgrade to version 8.0.65 or greater' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre
oraclejdkcpe:/a:oracle:jdk

References

Related

nessus 52
freebsd 1
ibm 27
archlinux 6
f5 2
openvas 33
redhat 12
suse 17
amazon 3
oraclelinux 4
centos 4
ubuntu 2
debian 3
veracode 19
mageia 1
aix 1
prion 3
debiancve 3
ubuntucve 3
cve 3
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (October 2015 CPU)
2015-10-22 00:00:00
FreeBSD : java -- multiple vulnerabilities (a5934ba8-a376-11e5-85e9-14dae9d210b8)
2015-12-16 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-696)
2015-11-05 00:00:00
freebsd
freebsd
java -- multiple vulnerabilities
2015-10-20 00:00:00
ibm
ibm
Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products
2018-06-18 00:32:30
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
2018-06-16 21:38:16
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
2019-12-18 14:26:38
archlinux
archlinux
jre8-openjdk-headless: multiple issues
2015-10-23 00:00:00
jre8-openjdk: multiple issues
2015-10-23 00:00:00
jdk8-openjdk: multiple issues
2015-10-23 00:00:00
f5
f5
SOL05200155 - Multiple Java vulnerabilities
2015-11-26 00:00:00
Multiple Java vulnerabilities
2015-11-26 18:23:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2015:1905-1)
2015-11-05 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Oct 2015 (Linux)
2015-10-27 00:00:00
Oracle Linux Local Check: ELSA-2015-1921
2015-10-22 00:00:00
redhat
redhat
(RHSA-2015:1926) Critical: java-1.8.0-oracle security update
2015-10-22 18:19:40
(RHSA-2015:1927) Critical: java-1.7.0-oracle security update
2015-10-22 18:20:48
(RHSA-2015:1928) Important: java-1.6.0-sun security update
2015-10-22 18:21:17
suse
suse
Security update for java-1_8_0-openjdk (important)
2015-11-04 17:12:12
Security update for java-1_7_0-openjdk (important)
2015-11-04 17:12:29
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:48
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.8.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-10-21 23:24:30
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:13:49
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
debian
debian
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
veracode
veracode
Authentication Bypass
2019-05-02 05:19:32
Information Disclosure
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:33
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
prion
prion
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-22 00:00:00
debiancve
debiancve
CVE-2015-4906
2015-10-22 00:00:00
CVE-2015-4916
2015-10-22 00:00:00
CVE-2015-4908
2015-10-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-4906
2015-10-22 00:00:00
CVE-2015-4908
2015-10-22 00:00:00
CVE-2015-4916
2015-10-22 00:00:00
cve
cve
CVE-2015-4908
2015-10-22 00:00:00
CVE-2015-4916
2015-10-22 00:00:00
CVE-2015-4906
2015-10-22 00:00:00

6.4 Medium

AI Score

Confidence

Low

JSON
Related for ORACLE_JAVA_CPU_OCT_2015_UNIX.NASL
nessus52freebsd1ibm27archlinux6f52openvas33redhat12suse17amazon3oraclelinux4centos4ubuntu2debian3veracode19mageia1aix1prion3debiancve3ubuntucve3cve3