Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2014-1881.NASL
HistoryNov 21, 2014 - 12:00 a.m.

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)

2014-11-2100:00:00
This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6531, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP8 release. All running instances of IBM Java must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:1881. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79378);
  script_version("1.28");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/23");

  script_cve_id(
    "CVE-2014-3065",
    "CVE-2014-3566",
    "CVE-2014-6457",
    "CVE-2014-6502",
    "CVE-2014-6506",
    "CVE-2014-6511",
    "CVE-2014-6512",
    "CVE-2014-6531",
    "CVE-2014-6558"
  );
  script_bugtraq_id(
    70533,
    70538,
    70544,
    70548,
    70556,
    70567,
    70572,
    70574,
    71147
  );
  script_xref(name:"RHSA", value:"2014:1881");

  script_name(english:"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Updated java-1.5.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511,
CVE-2014-6512, CVE-2014-6531, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol
to address the CVE-2014-3566 issue (also known as POODLE). Refer to
the IBM article linked to in the References section for additional
details about this change and instructions on how to re-enable SSL 3.0
support if needed.

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16-FP8 release. All running
instances of IBM Java must be restarted for this update to take
effect.");
  script_set_attribute(attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21688165");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1881");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6502");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6457");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6506");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6531");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6558");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6511");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6512");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3566");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3065");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3065");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-3566");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2014:1881";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el5")) flag++;

  if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el5")) flag++;


  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-demo-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", reference:"java-1.5.0-ibm-devel-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-plugin-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-src-1.5.0.16.8-1jpp.1.el6_6")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxjava-1.5.0-ibmp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm
redhatenterprise_linuxjava-1.5.0-ibm-accessibilityp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility
redhatenterprise_linuxjava-1.5.0-ibm-demop-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo
redhatenterprise_linuxjava-1.5.0-ibm-develp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel
redhatenterprise_linuxjava-1.5.0-ibm-javacommp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm
redhatenterprise_linuxjava-1.5.0-ibm-jdbcp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc
redhatenterprise_linuxjava-1.5.0-ibm-pluginp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin
redhatenterprise_linuxjava-1.5.0-ibm-srcp-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
Rows per page:
1-10 of 111

References

Related

redhat 11
openvas 38
ibm 58
nessus 42
veracode 10
debian 3
osv 3
centos 4
amazon 3
oraclelinux 4
mageia 1
suse 7
ubuntu 3
aix 1
f5 2
kaspersky 1
cve 3
prion 2
debiancve 2
ubuntucve 1
redhat
redhat
(RHSA-2014:1881) Important: java-1.5.0-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1633) Important: java-1.7.0-openjdk security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1634) Important: java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Windows
2014-10-20 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Linux
2014-10-20 00:00:00
Debian Security Advisory DSA 3077-1 (openjdk-6 - security update)
2014-11-26 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065)
2018-06-16 21:22:21
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect WebSphere Dynamic Process Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)
2018-06-15 07:02:19
Security Bulletin: : Multiple vulnerabilities in IBM Java SDK affect Identity Insight 8.0 & 8.1 (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558 and CVE-2014-3566)
2018-06-16 13:08:43
nessus
nessus
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:1634)
2014-10-16 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20141015)
2014-10-23 00:00:00
CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:1620)
2014-10-16 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:12:51
Information Disclosure
2019-05-02 05:12:51
Information Disclosure
2019-05-02 05:12:50
debian
debian
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:21
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:43:45
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:25:51
osv
osv
openjdk-6 - security update
2014-11-26 00:00:00
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-28 00:00:00
centos
centos
java security update
2014-10-15 11:42:17
java security update
2014-10-15 12:22:05
java security update
2014-10-15 11:48:47
amazon
amazon
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09
suse
suse
Security update for java-1_7_0-openjdk (important)
2014-11-13 17:04:46
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
Security update for java-1_6_0-ibm (important)
2015-02-21 01:07:10
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48
f5
f5
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00
cve
cve
CVE-2014-3065
2014-12-02 01:59:00
CVE-2014-6558
2014-10-15 22:55:00
CVE-2014-6511
2014-10-15 22:55:00
prion
prion
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 15:55:00
debiancve
debiancve
CVE-2014-6558
2014-10-15 22:55:00
CVE-2014-6502
2014-10-15 22:55:00
ubuntucve
ubuntucve
CVE-2014-6511
2014-10-15 00:00:00
JSON
Related for REDHAT-RHSA-2014-1881.NASL
redhat11openvas38ibm58nessus42veracode10debian3osv3centos4amazon3oraclelinux4mageia1suse7ubuntu3aix1f52kaspersky1cve3prion2debiancve2ubuntucve1