ID: REDHAT-RHSA-2016-0676.NASL
Type: nessus
Reporter: Tenable
Modified: 2017-01-10T00:00:00
Description
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es):
* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)
* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:0676. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
  script_id(90669);
  script_version("$Revision: 2.6 $");
  script_cvs_date("$Date: 2017/01/10 20:34:12 $");

  script_cve_id("CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3427");
  script_osvdb_id(137301, 137302, 137303, 137305, 137306);
  script_xref(name:"RHSA", value:"2016:0676");

  script_name(english:"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for java-1.7.0-openjdk is now available for Red Hat
Enterprise Linux 5 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Security Fix(es) :
* Multiple flaws were discovered in the Serialization and Hotspot
components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2016-0686, CVE-2016-0687)
* It was discovered that the RMI server implementation in the JMX
component in OpenJDK did not restrict which classes can be
deserialized when deserializing authentication credentials. A remote,
unauthenticated attacker able to connect to a JMX port could possibly
use this flaw to trigger deserialization flaws. (CVE-2016-3427)
* It was discovered that the JAXP component in OpenJDK failed to
properly handle Unicode surrogate pairs used as part of the XML
attribute values. Specially crafted XML input could cause a Java
application to use an excessive amount of memory when parsed.
(CVE-2016-3425)
* It was discovered that the Security component in OpenJDK failed to
check the digest algorithm strength when generating DSA signatures.
The use of a digest weaker than the key strength could lead to the
generation of signatures that were weaker than expected.
(CVE-2016-0695)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2016-0686.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2016-0687.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2016-0695.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2016-3425.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2016-3427.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2016-0676.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: local checks enabled, host is RHEL 5.x or 7.x,
# an rpm list was collected, and the architecture is one this plugin covers.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^(5|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# When yum updateinfo data is present in the KB, build the report from it
# for this advisory; otherwise fall back to per-package rpm version checks.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2016:0676";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", reference:"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc");
  }
}
{"id": "REDHAT-RHSA-2016-0676.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "published": "2016-04-22T00:00:00", "modified": "2017-01-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90669", "reporter": "Tenable", "references": ["https://www.redhat.com/security/data/cve/CVE-2016-3425.html", "http://rhn.redhat.com/errata/RHSA-2016-0676.html", "https://www.redhat.com/security/data/cve/CVE-2016-3427.html", "https://www.redhat.com/security/data/cve/CVE-2016-0686.html", "https://www.redhat.com/security/data/cve/CVE-2016-0695.html", "https://www.redhat.com/security/data/cve/CVE-2016-0687.html"], "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "type": "nessus", "lastseen": "2017-10-29T13:42:25", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "edition": 3, "enchantments": {}, "hash": "2c3ff1b97b6992605741a20b599832d556d37aa5bced8e72a278744384007c29", "hashmap": [{"hash": "8aa36e61d2685d517995270759254f3f", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a6e487b241db96af61fe671a1b90b041", "key": "modified"}, {"hash": "283835715fe22d272a5e9307322428a5", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "09b7dcce44513dbef34bb0bdf1788bc4", "key": "sourceData"}, {"hash": "a8590f76513324184fd68caa42d7ab44", "key": "description"}, {"hash": "021694f00fd95bf0fceae0586db4b9dd", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c0e81b6a5237a82ca7ea8b939802ff49", "key": "published"}, {"hash": "c4b0356fbadbd9947c9663274e19bd7c", "key": "pluginID"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "49553d40f5f960148e6fd1193c8953f1", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90669", "id": "REDHAT-RHSA-2016-0676.NASL", "lastseen": "2017-01-11T06:11:12", "modified": "2017-01-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "90669", "published": "2016-04-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2016-3425.html", "http://rhn.redhat.com/errata/RHSA-2016-0676.html", 
"https://www.redhat.com/security/data/cve/CVE-2016-3427.html", "https://www.redhat.com/security/data/cve/CVE-2016-0686.html", "https://www.redhat.com/security/data/cve/CVE-2016-0695.html", "https://www.redhat.com/security/data/cve/CVE-2016-0687.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0676. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90669);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2017/01/10 20:34:12 $\");\n\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_osvdb_id(137301, 137302, 137303, 137305, 137306);\n script_xref(name:\"RHSA\", value:\"2016:0676\");\n\n script_name(english:\"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. 
An untrusted Java application or applet could\nuse these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX\ncomponent in OpenJDK did not restrict which classes can be\ndeserialized when deserializing authentication credentials. A remote,\nunauthenticated attacker able to connect to a JMX port could possibly\nuse this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to\nproperly handle Unicode surrogate pairs used as part of the XML\nattribute values. Specially crafted XML input could cause a Java\napplication to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to\ncheck the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the\ngeneration of signatures that were weaker than expected.\n(CVE-2016-0695)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local 
Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0676\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "title": "RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)", "type": "nessus", "viewCount": 5}, "differentElements": ["cpe"], "edition": 3, "lastseen": "2017-01-11T06:11:12"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat 
Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "edition": 2, "hash": "56020f1fa364a2cd27f6ffc5b78c680f0b5696a6c3985c955c12496533dcde04", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "8aa36e61d2685d517995270759254f3f", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "283835715fe22d272a5e9307322428a5", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "53de945eef2e379c588a969fd3167714", "key": "modified"}, {"hash": "a8590f76513324184fd68caa42d7ab44", "key": "description"}, {"hash": "fe6739a3841b61a38de29b8e459a37a7", "key": "sourceData"}, {"hash": "021694f00fd95bf0fceae0586db4b9dd", "key": "cvelist"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c0e81b6a5237a82ca7ea8b939802ff49", "key": "published"}, {"hash": "c4b0356fbadbd9947c9663274e19bd7c", "key": "pluginID"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "49553d40f5f960148e6fd1193c8953f1", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90669", "id": "REDHAT-RHSA-2016-0676.NASL", "lastseen": "2016-10-14T21:26:07", "modified": "2016-10-14T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "90669", "published": "2016-04-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2016-3425.html", "http://rhn.redhat.com/errata/RHSA-2016-0676.html", 
"https://www.redhat.com/security/data/cve/CVE-2016-3427.html", "https://www.redhat.com/security/data/cve/CVE-2016-0686.html", "https://www.redhat.com/security/data/cve/CVE-2016-0695.html", "https://www.redhat.com/security/data/cve/CVE-2016-0687.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0676. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90669);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/14 13:45:04 $\");\n\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_osvdb_id(137301, 137302, 137303, 137305, 137306);\n script_xref(name:\"RHSA\", value:\"2016:0676\");\n\n script_name(english:\"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. 
An untrusted Java application or applet could\nuse these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX\ncomponent in OpenJDK did not restrict which classes can be\ndeserialized when deserializing authentication credentials. A remote,\nunauthenticated attacker able to connect to a JMX port could possibly\nuse this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to\nproperly handle Unicode surrogate pairs used as part of the XML\nattribute values. Specially crafted XML input could cause a Java\napplication to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to\ncheck the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the\ngeneration of signatures that were weaker than expected.\n(CVE-2016-0695)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", 
cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "title": "RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-10-14T21:26:07"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. 
An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "edition": 1, "hash": "15eedd6bc51ec5b82c15aac8e6e709a204231bcc597edc815f3d8349cdb734ae", 
"history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90669", "id": "REDHAT-RHSA-2016-0676.NASL", "lastseen": "2016-09-26T17:25:47", "modified": "2016-04-29T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "90669", "published": "2016-04-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2016-3425.html", "http://rhn.redhat.com/errata/RHSA-2016-0676.html", "https://www.redhat.com/security/data/cve/CVE-2016-3427.html", "https://www.redhat.com/security/data/cve/CVE-2016-0686.html", "https://www.redhat.com/security/data/cve/CVE-2016-0695.html", "https://www.redhat.com/security/data/cve/CVE-2016-0687.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0676. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90669);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/04/29 19:33:18 $\");\n\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_osvdb_id(137301, 137302, 137303, 137305, 137306);\n script_xref(name:\"RHSA\", value:\"2016:0676\");\n\n script_name(english:\"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX\ncomponent in OpenJDK did not restrict which classes can be\ndeserialized when deserializing authentication credentials. A remote,\nunauthenticated attacker able to connect to a JMX port could possibly\nuse this flaw to trigger deserialization flaws. 
(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to\nproperly handle Unicode surrogate pairs used as part of the XML\nattribute values. Specially crafted XML input could cause a Java\napplication to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to\ncheck the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the\ngeneration of signatures that were weaker than expected.\n(CVE-2016-0695)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\nif (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "title": "RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:47"}], "edition": 4, "hash": "66aec7d1aa0f6cec699174a38ea52f3e8552a9d939f2ff32a4bde1c9a078abe3", "viewCount": 6, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0676. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90669);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2017/01/10 20:34:12 $\");\n\n script_cve_id(\"CVE-2016-0686\", \"CVE-2016-0687\", \"CVE-2016-0695\", \"CVE-2016-3425\", \"CVE-2016-3427\");\n script_osvdb_id(137301, 137302, 137303, 137305, 137306);\n script_xref(name:\"RHSA\", value:\"2016:0676\");\n\n script_name(english:\"RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0676)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX\ncomponent in OpenJDK did not restrict which classes can be\ndeserialized when deserializing authentication credentials. A remote,\nunauthenticated attacker able to connect to a JMX port could possibly\nuse this flaw to trigger deserialization flaws. 
(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to\nproperly handle Unicode surrogate pairs used as part of the XML\nattribute values. Specially crafted XML input could cause a Java\napplication to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to\ncheck the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the\ngeneration of signatures that were weaker than expected.\n(CVE-2016-0695)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0687.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-0695.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-3427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" 
>!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0676\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "90669", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"]}
{"result": {"cve": [{"id": "CVE-2016-0695", "type": "cve", "title": "CVE-2016-0695", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.", "published": "2016-04-21T06:59:55", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0695", "cvelist": ["CVE-2016-0695"], "lastseen": "2017-11-10T11:54:08"}, {"id": "CVE-2016-3427", "type": "cve", "title": "CVE-2016-3427", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "published": "2016-04-21T07:00:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3427", "cvelist": ["CVE-2016-3427"], "lastseen": "2018-01-05T11:52:10"}, {"id": "CVE-2016-0687", "type": "cve", "title": "CVE-2016-0687", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.", "published": "2016-04-21T06:59:47", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0687", "cvelist": ["CVE-2016-0687"], "lastseen": "2018-01-05T11:52:00"}, {"id": "CVE-2016-3425", "type": "cve", "title": "CVE-2016-3425", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.", "published": 
"2016-04-21T07:00:19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3425", "cvelist": ["CVE-2016-3425"], "lastseen": "2017-11-10T11:54:17"}, {"id": "CVE-2016-0686", "type": "cve", "title": "CVE-2016-0686", "description": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.", "published": "2016-04-21T06:59:47", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0686", "cvelist": ["CVE-2016-0686"], "lastseen": "2018-01-05T11:52:00"}], "f5": [{"id": "F5:K33285044", "type": "f5", "title": "Oracle Java SE vulnerability CVE-2016-0695", "description": "\nF5 Product Development has assigned ID 591358 (BIG-IP), ID 594415 (BIG-IQ), ID 594418 (Enterprise Manager), ID 552323 (ARX), and INSTALLER-2441 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H595913 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Base operating system \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Base operating system \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Base operating system \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 12.1.2| Low| Base operating system \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Base operating system \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Base operating system \nBIG-IP DNS| 12.0.0 - 12.1.1| 12.1.2| Low| Base operating system \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4 \nNone| None| Low| Base operating system \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.1.0 - 10.2.4 \nNone| None| Low| Base operating system \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Base operating system \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Base operating system \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Low| Base operating system \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Low| Base operating system \nBIG-IP WOM| 11.2.1 \n10.2.1 - 10.2.4| None| Low| Base operating system \nARX| 6.2.0 - 6.4.0| None| Low| Java SE \nEnterprise Manager| 3.1.1| None| Low| JRE \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ 
Cloud| 4.0.0 - 4.5.0| None| Low| JRE \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| JRE \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| JRE \nBIG-IQ ADC| 4.5.0| None| Low| JRE \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Low| JRE \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| JRE \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Low| JRE \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Java SE\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2016-06-01T21:39:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://support.f5.com/csp/article/K33285044", "cvelist": ["CVE-2016-0695"], "lastseen": "2017-06-08T00:16:30"}, {"id": "SOL33285044", "type": "f5", "title": "SOL33285044 - Oracle Java SE vulnerability CVE-2016-0695", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you 
can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-06-01T00:00:00", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/33/sol33285044.html", "cvelist": ["CVE-2016-0695"], "lastseen": "2016-09-26T17:23:01"}, {"id": "F5:K73112451", "type": "f5", "title": "Oracle Java SE vulnerability CVE-2016-3427", "description": "\nF5 Product Development has assigned ID 591358 (BIG-IP), ID 594415 (BIG-IQ), ID 594418 (Enterprise Manager), ID 552323 (ARX), and INSTALLER-2440 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H595913-1 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP DNS| 12.0.0 - 12.1.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.1.0 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Medium| Tomcat, Configuration utility \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility \nBIG-IP WOM| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Tomcat, Configuration utility 
\nARX| 6.2.0 - 6.4.0| None| Low| Java SE \nEnterprise Manager| 3.1.1| None| Medium| JRE \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| JRE \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| JRE \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| JRE \nBIG-IQ ADC| 4.5.0| None| Medium| JRE \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Medium| JRE \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| JRE \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Medium| JRE \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Java SE\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, F5 recommends that you avoid exposing JMX RMI ports through management or data interfaces.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2016-05-28T08:22:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K73112451", "cvelist": 
["CVE-2016-3427"], "lastseen": "2017-06-08T00:16:08"}, {"id": "SOL73112451", "type": "f5", "title": "SOL73112451 - Oracle Java SE vulnerability CVE-2016-3427", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you avoid exposing JMX RMI ports through management or data interfaces.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-05-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/73/sol73112451.html", "cvelist": ["CVE-2016-3427"], "lastseen": "2016-09-26T17:23:05"}, {"id": "F5:K49820145", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2016-8735", "description": "\nF5 Product Development has assigned ID 466436 (ARX) and INSTALLER-2832 (Traffix SDC) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| 
Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Medium| Apache Tomcat \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Medium| Apache Tomcat\n\nIf you are running a version 
listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2016-12-02T01:34:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K49820145", "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "lastseen": "2017-06-08T00:16:31"}, {"id": "SOL77535578", "type": "f5", "title": "SOL77535578 - Multiple Java SE client-side vulnerabilities", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-05-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/77/sol77535578.html", "cvelist": ["CVE-2016-3426", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", 
"CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0686"], "lastseen": "2016-11-09T00:09:56"}, {"id": "F5:K77535578", "type": "f5", "title": "Multiple Java SE client-side vulnerabilities", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not 
vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2016-05-26T22:43:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K77535578", "cvelist": ["CVE-2016-3426", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0686"], "lastseen": "2017-06-08T00:16:17"}, {"id": "F5:K81223200", "type": "f5", "title": "Oracle Java SE vulnerability CVE-2016-3425", "description": "\nF5 Product Development has assigned ID 591358 (BIG-IP), ID 594415 (BIG-IQ), ID 594418 (Enterprise Manager), ID 552323 (ARX), and INSTALLER-2442 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H595913-2 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Configuration utility \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Configuration utility \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Configuration utility \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 12.1.2| Low| Configuration utility \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Configuration utility \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Configuration utility \nBIG-IP DNS| 12.0.0 - 12.1.1| 12.1.2| Low| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \nNone| None| Low| Configuration utility \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Low| Configuration utility \nBIG-IP Link Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 12.1.2| Low| Configuration utility \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 12.1.2| Low| Configuration utility \nBIG-IP PSM| 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Low| Configuration utility \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Low| Configuration utility \nBIG-IP WOM| 11.2.1 \n10.2.1 - 10.2.4| None| Low| Configuration utility \nARX| 6.2.0 - 6.4.0| None| Low| Java SE \nEnterprise Manager| 3.1.1| None| Low| JRE \nFirePass| None| 7.0.0| Not vulnerable| None 
\nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| JRE \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| JRE \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| JRE \nBIG-IQ ADC| 4.5.0| None| Low| JRE \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Low| JRE \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| JRE \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Low| JRE \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Java SE\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2016-05-28T08:20:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K81223200", "cvelist": ["CVE-2016-3425"], "lastseen": "2017-06-08T00:16:31"}, {"id": "SOL81223200", "type": "f5", "title": "SOL81223200 - Oracle Java SE vulnerability CVE-2016-3425", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** 
column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-05-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/81/sol81223200.html", "cvelist": ["CVE-2016-3425"], "lastseen": "2016-09-26T17:23:10"}], "nessus": [{"id": "ORACLE_JROCKIT_CPU_APR_2016.NASL", "type": "nessus", "title": "Oracle JRockit R28.3.9 Multiple Vulnerabilities (April 2016 CPU)", "description": "The version of Oracle JRockit installed on the remote Windows host is 28.3.9. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists related to the Security subcomponent that allows a remote attacker to access potentially sensitive information. No other details are available. (CVE-2016-0695)\n\n - An unspecified flaw exists related to the JAXP subcomponent that allows a remote attacker to cause a denial of service. No other details are available.\n (CVE-2016-3425)\n\n - An unspecified flaw exists related to the JMX subcomponent that allows a remote attacker to execute arbitrary code. 
No other details are available.\n (CVE-2016-3427)", "published": "2016-04-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90604", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-3425"], "lastseen": "2017-10-29T13:42:41"}, {"id": "CENTOS_RHSA-2016-0675.NASL", "type": "nessus", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2016:0675)", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90636", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:40:05"}, {"id": "CENTOS_RHSA-2016-0676.NASL", "type": "nessus", "title": "CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0676)", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. 
An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90637", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:45:26"}, {"id": "ORACLELINUX_ELSA-2016-0676.NASL", "type": "nessus", "title": "Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0676)", "description": "From Red Hat Security Advisory 2016:0676 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90667", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:45:53"}, {"id": "OPENSUSE-2016-560.NASL", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-560)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues.\n\nThese security issues were fixed :\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90912", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:37:06"}, {"id": "REDHAT-RHSA-2016-0675.NASL", "type": "nessus", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2016:0675)", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. 
Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90668", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:36:57"}, {"id": "ORACLELINUX_ELSA-2016-0675.NASL", "type": "nessus", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2016-0675)", "description": "From Red Hat Security Advisory 2016:0675 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. 
An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.\n(CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.\nThe use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.\n(CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90666", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:39:59"}, {"id": "SUSE_SU-2016-1250-1.NASL", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1250-1)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues.\n\nThese security issues were fixed :\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - 
CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-05-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90993", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:45:14"}, {"id": "OPENSUSE-2016-553.NASL", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-553)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues.\n\nThese security issues were fixed :\n\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n\n - CVE-2016-3427: Improve JMX connections (bsc#976340).", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90905", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:38:20"}, {"id": "UBUNTU_USN-2964-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.10 : openjdk-7 vulnerabilities (USN-2964-1)", "description": "Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. 
An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.\n(CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90918", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-29T13:43:37"}], "oraclelinux": [{"id": "ELSA-2016-0675", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1:1.7.0.101-2.6.6.1.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.101-2.6.6.1]\n- added Patch666 fontpath.patch to fix tck regressions\n- Resolves: rhbz#1325425\n[1:1.7.0.101-2.6.6.0]\n- Fix ztos handling in templateTable_ppc_64.cpp to be same as others in 7.\n- Resolves: rhbz#1325425\n[1:1.7.0.101-2.6.6.0]\n- Bump to 2.6.6 and u101b00.\n- Drop a leading zero from the priority as the update version is now three digits\n- Resolves: rhbz#1325425", "published": "2016-04-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0675.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": 
"2016-09-04T11:16:35"}, {"id": "ELSA-2016-0723", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.39-1.13.11.0]\n- Update to IcedTea 1.13.11 & OpenJDK 6 b39.\n- Resolves: rhbz#1325432", "published": "2016-05-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0723.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:16:26"}, {"id": "ELSA-2016-0676", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1:1.7.0.101-2.6.6.1.0.1]\n- Update DISTRO_NAME in specfile\n[1:1.7.0.101-2.6.6.1]\n- added Patch666 fontpath.patch to fix tck regressions\n- Resolves: rhbz#1325427\n[1:1.7.0.101-2.6.6.0]\n- Fix ztos handling in templateTable_ppc_64.cpp to be same as others in 7.\n- Resolves: rhbz#1325427\n[1:1.7.0.101-2.6.6.0]\n- Bump to 2.6.6 and u101b00.\n- Drop AArch64 patch (PR2914) included in 2.6.6\n- Drop a leading zero from the priority as the update version is now three digits\n- Update PR2809 patch to apply against 2.6.6.\n- Resolves: rhbz#1325427", "published": "2016-04-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0676.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:16:21"}, {"id": "ELSA-2016-0650", "type": "oraclelinux", "title": "java-1.8.0-openjdk security update", "description": "[1:1.8.0.91-0.b14]\n- Add additional fix to Zero patch to properly handle result on 64-bit big-endian\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Revert settings to production defaults so we can at least get a build.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Switch to a slowdebug build to try and unearth remaining issue 
on s390x.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Add missing comma in 8132051 patch.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Add 8132051 port to Zero.\n- Turn on bootstrap build for all to ensure we are now good to go.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Add 8132051 port to AArch64.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway.\n- Resolves: rhbz#1325422\n[1:1.8.0.91-0.b14]\n- Update to u91b14.\n- Resolves: rhbz#1325422", "published": "2016-04-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0650.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:16:46"}, {"id": "ELSA-2016-0651", "type": "oraclelinux", "title": "java-1.8.0-openjdk security update", "description": "[1:1.8.0.91-1.b03]\n- Update to u91b14.\n- Resolves: rhbz#1325420", "published": "2016-04-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-0651.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:16:37"}], "amazon": [{"id": "ALAS-2016-693", "type": "amazon", "title": "Critical: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nIt was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. ([CVE-2016-0686 __](<https://access.redhat.com/security/cve/CVE-2016-0686>))\n\nIt was discovered that the Hotspot component of OpenJDK did not properly handle byte types. 
An untrusted Java application or applet could use this flaw to corrupt Java virtual machine memory and possibly execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2016-0687 __](<https://access.redhat.com/security/cve/CVE-2016-0687>))\n\nIt was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. ([CVE-2016-3427 __](<https://access.redhat.com/security/cve/CVE-2016-3427>))\n\nIt was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. ([CVE-2016-3425 __](<https://access.redhat.com/security/cve/CVE-2016-3425>))\n\nIt was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. ([CVE-2016-0695 __](<https://access.redhat.com/security/cve/CVE-2016-0695>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. 
\n\n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.67.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.67.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.67.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.67.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.101-2.6.6.1.67.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.101-2.6.6.1.67.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.101-2.6.6.1.67.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-1.7.0.101-2.6.6.1.67.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.101-2.6.6.1.67.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.67.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.101-2.6.6.1.67.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.101-2.6.6.1.67.amzn1.x86_64 \n \n \n", "published": "2016-04-27T16:15:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-693.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-28T21:04:07"}, {"id": "ALAS-2016-700", "type": "amazon", "title": "Critical: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. ([CVE-2016-0686 __](<https://access.redhat.com/security/cve/CVE-2016-0686>), [CVE-2016-0687 __](<https://access.redhat.com/security/cve/CVE-2016-0687>))\n\nIt was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. 
([CVE-2016-3427 __](<https://access.redhat.com/security/cve/CVE-2016-3427>))\n\nIt was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. ([CVE-2016-3425 __](<https://access.redhat.com/security/cve/CVE-2016-3425>))\n\nIt was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. ([CVE-2016-0695 __](<https://access.redhat.com/security/cve/CVE-2016-0695>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-devel-1.6.0.39-1.13.11.1.74.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.1.74.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.39-1.13.11.1.74.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.39-1.13.11.1.74.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.39-1.13.11.1.74.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.1.74.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.39-1.13.11.1.74.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-src-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.39-1.13.11.1.74.amzn1.x86_64 \n \n \n", "published": "2016-05-11T11:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-700.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", 
"CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-28T21:03:57"}, {"id": "ALAS-2016-688", "type": "amazon", "title": "Critical: java-1.8.0-openjdk", "description": "**Issue Overview:**\n\nIt was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. ([CVE-2016-0686 __](<https://access.redhat.com/security/cve/CVE-2016-0686>))\n\nIt was discovered that the Hotspot component of OpenJDK did not properly handle byte types. An untrusted Java application or applet could use this flaw to corrupt Java virtual machine memory and possibly execute arbitrary code, bypassing Java sandbox restrictions. ([CVE-2016-0687 __](<https://access.redhat.com/security/cve/CVE-2016-0687>))\n\nIt was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. ([CVE-2016-3427 __](<https://access.redhat.com/security/cve/CVE-2016-3427>))\n\nIt was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. ([CVE-2016-3425 __](<https://access.redhat.com/security/cve/CVE-2016-3425>))\n\nIt was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. 
([CVE-2016-0695 __](<https://access.redhat.com/security/cve/CVE-2016-0695>))\n\nIt was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component of OpenJDK used non-constant time comparison when comparing GCM authentication tag. A remote attacker could possibly use this flaw to determine correct value of the authentication tag and bypass authentication protections of GCM. ([CVE-2016-3426 __](<https://access.redhat.com/security/cve/CVE-2016-3426>)) \n\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n java-1.8.0-openjdk-headless-1.8.0.91-0.b14.10.amzn1.i686 \n java-1.8.0-openjdk-devel-1.8.0.91-0.b14.10.amzn1.i686 \n java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.10.amzn1.i686 \n java-1.8.0-openjdk-src-1.8.0.91-0.b14.10.amzn1.i686 \n java-1.8.0-openjdk-demo-1.8.0.91-0.b14.10.amzn1.i686 \n java-1.8.0-openjdk-1.8.0.91-0.b14.10.amzn1.i686 \n \n noarch: \n java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.10.amzn1.noarch \n \n src: \n java-1.8.0-openjdk-1.8.0.91-0.b14.10.amzn1.src \n \n x86_64: \n java-1.8.0-openjdk-headless-1.8.0.91-0.b14.10.amzn1.x86_64 \n java-1.8.0-openjdk-1.8.0.91-0.b14.10.amzn1.x86_64 \n java-1.8.0-openjdk-src-1.8.0.91-0.b14.10.amzn1.x86_64 \n java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.10.amzn1.x86_64 \n java-1.8.0-openjdk-devel-1.8.0.91-0.b14.10.amzn1.x86_64 \n java-1.8.0-openjdk-demo-1.8.0.91-0.b14.10.amzn1.x86_64 \n \n \n", "published": "2016-04-21T16:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-688.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-28T21:04:00"}], "openvas": [{"id": "OPENVAS:1361412562310851292", "type": "openvas", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:1230-1 
(java-1_7_0-openjdk)", "description": "Check the version of java-1_7_0-openjdk", "published": "2016-05-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851292", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-12-12T11:17:20"}, {"id": "OPENVAS:1361412562310122935", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0675", "description": "Oracle Linux Local Security Checks ELSA-2016-0675", "published": "2016-05-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122935", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-07-24T12:54:52"}, {"id": "OPENVAS:1361412562310851291", "type": "openvas", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2016:1235-1 (java-1_7_0-openjdk)", "description": "Check the version of java-1_7_0-openjdk", "published": "2016-05-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851291", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-12-12T11:18:34"}, {"id": "OPENVAS:1361412562310882485", "type": "openvas", "title": "CentOS Update for java CESA-2016:0723 centos5 ", "description": "Check the version of java", "published": "2016-05-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882485", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-07-25T10:54:50"}, {"id": 
"OPENVAS:1361412562310842745", "type": "openvas", "title": "Ubuntu Update for openjdk-6 USN-2972-1", "description": "Check the version of openjdk-6", "published": "2016-05-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842745", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-12-04T11:25:27"}, {"id": "OPENVAS:1361412562310120682", "type": "openvas", "title": "Amazon Linux Local Check: alas-2016-693", "description": "Amazon Linux Local Security Checks", "published": "2016-05-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120682", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-07-24T12:54:03"}, {"id": "OPENVAS:1361412562310871601", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01", "description": "Check the version of java-1.7.0-openjdk", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871601", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-07-27T10:54:28"}, {"id": "OPENVAS:1361412562310882469", "type": "openvas", "title": "CentOS Update for java CESA-2016:0676 centos5 ", "description": "Check the version of java", "published": "2016-04-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882469", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": 
"2017-07-25T10:54:17"}, {"id": "OPENVAS:1361412562310882488", "type": "openvas", "title": "CentOS Update for java CESA-2016:0723 centos6 ", "description": "Check the version of java", "published": "2016-05-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882488", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-07-25T10:54:17"}, {"id": "OPENVAS:1361412562310851302", "type": "openvas", "title": "SuSE Update for java-1_7_0-openjdk SUSE-SU-2016:1250-1 (java-1_7_0-openjdk)", "description": "Check the version of java-1_7_0-openjdk", "published": "2016-05-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851302", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-12-12T11:17:52"}], "redhat": [{"id": "RHSA-2016:0723", "type": "redhat", "title": "(RHSA-2016:0723) Critical: java-1.6.0-openjdk security update", "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment\nand the OpenJDK 6 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\ncompletely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in\nOpenJDK did not restrict which classes can be deserialized when deserializing\nauthentication credentials. 
A remote, unauthenticated attacker able to connect\nto a JMX port could possibly use this flaw to trigger deserialization flaws.\n(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle\nUnicode surrogate pairs used as part of the XML attribute values. Specially\ncrafted XML input could cause a Java application to use an excessive amount of\nmemory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the\ndigest algorithm strength when generating DSA signatures. The use of a digest\nweaker than the key strength could lead to the generation of signatures that\nwere weaker than expected. (CVE-2016-0695)\n", "published": "2016-05-09T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0723", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3427"], "lastseen": "2018-04-15T12:23:18"}, {"id": "RHSA-2016:0676", "type": "redhat", "title": "(RHSA-2016:0676) Critical: java-1.7.0-openjdk security update", "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\ncompletely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in\nOpenJDK did not restrict which classes can be deserialized when deserializing\nauthentication credentials. 
A remote, unauthenticated attacker able to connect\nto a JMX port could possibly use this flaw to trigger deserialization flaws.\n(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle\nUnicode surrogate pairs used as part of the XML attribute values. Specially\ncrafted XML input could cause a Java application to use an excessive amount of\nmemory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the\ndigest algorithm strength when generating DSA signatures. The use of a digest\nweaker than the key strength could lead to the generation of signatures that\nwere weaker than expected. (CVE-2016-0695)\n", "published": "2016-04-21T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0676", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3427"], "lastseen": "2018-04-15T16:21:28"}, {"id": "RHSA-2016:0675", "type": "redhat", "title": "(RHSA-2016:0675) Critical: java-1.7.0-openjdk security update", "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. 
(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "published": "2016-04-21T16:21:58", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0675", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-03-06T01:18:26"}, {"id": "RHSA-2016:0651", "type": "redhat", "title": "(RHSA-2016:0651) Critical: java-1.8.0-openjdk security update", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. 
(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)", "published": "2016-04-20T16:52:15", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0651", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-03-10T13:18:49"}, {"id": "RHSA-2016:0650", "type": "redhat", "title": "(RHSA-2016:0650) Critical: java-1.8.0-openjdk security update", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. 
A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "published": "2016-04-20T16:51:49", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0650", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3425", "CVE-2016-3426", "CVE-2016-3427"], "lastseen": "2018-04-15T14:24:39"}, {"id": "RHSA-2016:0677", "type": "redhat", "title": "(RHSA-2016:0677) Critical: java-1.8.0-oracle security update", "description": "Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 91.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java 
Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)", "published": "2016-04-21T18:26:11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0677", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3422", "CVE-2016-3425", "CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3443", "CVE-2016-3449"], "lastseen": "2018-03-20T08:32:39"}, {"id": "RHSA-2016:0678", "type": "redhat", "title": "(RHSA-2016:0678) Critical: java-1.7.0-oracle security update", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 101.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. 
(CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)", "published": "2016-04-21T18:26:45", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0678", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3422", "CVE-2016-3425", "CVE-2016-3427", "CVE-2016-3443", "CVE-2016-3449"], "lastseen": "2018-03-20T08:31:44"}, {"id": "RHSA-2016:0679", "type": "redhat", "title": "(RHSA-2016:0679) Critical: java-1.6.0-sun security update", "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 115.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)", "published": "2016-04-21T18:26:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0679", "cvelist": ["CVE-2016-0686", "CVE-2016-0687", "CVE-2016-0695", "CVE-2016-3422", "CVE-2016-3425", "CVE-2016-3427", "CVE-2016-3443", "CVE-2016-3449"], "lastseen": "2018-03-20T08:31:51"}, {"id": "RHSA-2017:0456", "type": "redhat", "title": "(RHSA-2017:0456) Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. 
It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. 
(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. 
(JIRA#JWS-268)", "published": "2015-11-13T00:12:07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0456", "cvelist": ["CVE-2016-0762", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745"], "lastseen": "2018-03-19T12:36:24"}, {"id": "RHSA-2016:1039", "type": "redhat", "title": "(RHSA-2016:1039) Critical: java-1.8.0-ibm security update", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR3.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. 
(CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)", "published": "2016-05-11T17:57:44", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:1039", "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-0363", "CVE-2016-3422", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0376", "CVE-2016-0686", "CVE-2016-0264"], "lastseen": "2017-03-10T13:18:52"}], "suse": [{"id": "OPENSUSE-SU-2016:1230-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\n\n", "published": "2016-05-04T16:15:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:35:13"}, {"id": "SUSE-SU-2016:1250-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n - CVE-2016-3427: Improve JMX connections 
(bsc#976340).\n\n", "published": "2016-05-06T13:14:05", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:43:03"}, {"id": "OPENSUSE-SU-2016:1235-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\n\n", "published": "2016-05-04T21:07:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:56:36"}, {"id": "OPENSUSE-SU-2016:1265-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "description": "This update for java-1_7_0-openjdk to version 2.6.6 fixes five security\n issues.\n\n These security issues were fixed:\n - CVE-2016-0686: Ensure thread consistency (bsc#976340).\n - CVE-2016-0687: Better byte behavior (bsc#976340).\n - CVE-2016-0695: Make DSA more fair (bsc#976340).\n - CVE-2016-3425: Better buffering of XML strings (bsc#976340).\n - CVE-2016-3427: Improve JMX connections (bsc#976340).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "published": "2016-05-07T15:09:13", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T11:50:20"}, {"id": "SUSE-SU-2016:1248-1", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "description": "This update for java-1_8_0-openjdk fixes the following security issues -\n April 2016 Oracle CPU (bsc#976340):\n\n - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to Serialization.\n - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to the Hotspot sub-component\n - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to the Security Component\n - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to\n affect availability via vectors related to JAXP\n - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to JCE\n - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to JMX\n\n", "published": "2016-05-06T13:13:04", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T12:46:49"}, {"id": "OPENSUSE-SU-2016:1262-1", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "description": "This update for java-1_8_0-openjdk fixes the following security issues -\n 
April 2016 Oracle CPU (bsc#976340):\n\n - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to Serialization.\n - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to the Hotspot sub-component\n - CVE-2016-0695: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to the Security Component\n - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to\n affect availability via vectors related to JAXP\n - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to JCE\n - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to JMX\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "published": "2016-05-07T15:07:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T12:05:54"}, {"id": "OPENSUSE-SU-2016:1222-1", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "description": "This update for java-1_8_0-openjdk fixes the following security issues -\n April 2016 Oracle CPU (bsc#976340):\n\n - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to Serialization.\n - CVE-2016-0687: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to the Hotspot sub-component\n - CVE-2016-0695: 
Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to the Security Component\n - CVE-2016-3425: Unspecified vulnerability allowed remote attackers to\n affect availability via vectors related to JAXP\n - CVE-2016-3426: Unspecified vulnerability allowed remote attackers to\n affect confidentiality via vectors related to JCE\n - CVE-2016-3427: Unspecified vulnerability allowed remote attackers to\n affect confidentiality, integrity, and availability via vectors related\n to JMX\n\n", "published": "2016-05-04T16:11:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-04T12:07:54"}, {"id": "SUSE-SU-2016:1303-1", "type": "suse", "title": "Security update for java-1_6_0-ibm (important)", "description": "This IBM Java 1.6.0 SR16 FP25 release fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648)\n - CVE-2016-0363: insecure use of invoke method in CORBA component,\n incorrect CVE-2013-3009 fix (bsc#977650)\n - CVE-2016-0376: insecure deserialization in CORBA, incorrect\n CVE-2013-5456 fix (bsc#977646)\n - The following CVEs got also fixed during this update. 
(bsc#979252)\n CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427,\n CVE-2016-3449, CVE-2016-3422, CVE-2016-3426\n\n", "published": "2016-05-13T21:07:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html", "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-0363", "CVE-2016-3422", "CVE-2013-3009", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0376", "CVE-2013-5456", "CVE-2016-0686", "CVE-2016-0264"], "lastseen": "2016-09-04T12:46:24"}, {"id": "SUSE-SU-2016:1378-1", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "description": "This IBM Java 1.7.0 SR9 FP40 release fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648)\n - CVE-2016-0363: insecure use of invoke method in CORBA component,\n incorrect CVE-2013-3009 fix (bsc#977650)\n - CVE-2016-0376: insecure deserialization in CORBA, incorrect\n CVE-2013-5456 fix (bsc#977646)\n - The following CVEs got also fixed during this update. 
(bsc#979252)\n CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427,\n CVE-2016-3449, CVE-2016-3422, CVE-2016-3426\n\n", "published": "2016-05-21T02:07:49", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html", "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-0363", "CVE-2016-3422", "CVE-2013-3009", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0376", "CVE-2013-5456", "CVE-2016-0686", "CVE-2016-0264"], "lastseen": "2016-09-04T12:05:46"}, {"id": "SUSE-SU-2016:1300-1", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "description": "This IBM Java 1.7.1 SR3 FP40 release fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648)\n - CVE-2016-0363: insecure use of invoke method in CORBA component,\n incorrect CVE-2013-3009 fix (bsc#977650)\n - CVE-2016-0376: insecure deserialization in CORBA, incorrect\n CVE-2013-5456 fix (bsc#977646)\n - The following CVEs got also fixed during this update. (bsc#979252)\n CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427,\n CVE-2016-3449, CVE-2016-3422, CVE-2016-3426\n\n", "published": "2016-05-13T16:09:03", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html", "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-0363", "CVE-2016-3422", "CVE-2013-3009", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0376", "CVE-2013-5456", "CVE-2016-0686", "CVE-2016-0264"], "lastseen": "2016-09-04T12:14:44"}], "ubuntu": [{"id": "USN-2972-1", "type": "ubuntu", "title": "OpenJDK 6 vulnerabilities", "description": "Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. 
An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425)", "published": "2016-05-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2972-1/", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2018-03-29T18:17:49"}, {"id": "USN-2964-1", "type": "ubuntu", "title": "OpenJDK 7 vulnerabilities", "description": "Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. 
(CVE-2016-3425)", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2964-1/", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2018-03-29T18:17:12"}, {"id": "USN-2963-1", "type": "ubuntu", "title": "OpenJDK 8 vulnerabilities", "description": "Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427)\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695, CVE-2016-3426)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425)", "published": "2016-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2963-1/", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2018-03-29T18:21:29"}], "centos": [{"id": "CESA-2016:0676", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0676\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment\nand the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\ncompletely bypass Java sandbox restrictions. 
(CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in\nOpenJDK did not restrict which classes can be deserialized when deserializing\nauthentication credentials. A remote, unauthenticated attacker able to connect\nto a JMX port could possibly use this flaw to trigger deserialization flaws.\n(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle\nUnicode surrogate pairs used as part of the XML attribute values. Specially\ncrafted XML input could cause a Java application to use an excessive amount of\nmemory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the\ndigest algorithm strength when generating DSA signatures. The use of a digest\nweaker than the key strength could lead to the generation of signatures that\nwere weaker than expected. (CVE-2016-0695)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/021840.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/021841.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-accessibility\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-headless\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0676.html", "published": "2016-04-21T15:42:31", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/021840.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-03T18:25:53"}, {"id": "CESA-2016:0675", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0675\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime 
Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. 
(CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/021837.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0675.html", "published": "2016-04-21T14:18:59", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/021837.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-03T18:24:34"}, {"id": "CESA-2016:0723", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0723\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment\nand the OpenJDK 6 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in\nOpenJDK. An untrusted Java application or applet could use these flaws to\ncompletely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in\nOpenJDK did not restrict which classes can be deserialized when deserializing\nauthentication credentials. A remote, unauthenticated attacker able to connect\nto a JMX port could possibly use this flaw to trigger deserialization flaws.\n(CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle\nUnicode surrogate pairs used as part of the XML attribute values. 
Specially\ncrafted XML input could cause a Java application to use an excessive amount of\nmemory when parsed. (CVE-2016-3425)\n\n* It was discovered that the Security component in OpenJDK failed to check the\ndigest algorithm strength when generating DSA signatures. The use of a digest\nweaker than the key strength could lead to the generation of signatures that\nwere weaker than expected. (CVE-2016-0695)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/021861.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/021862.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/021863.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0723.html", "published": "2016-05-09T15:12:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-May/021862.html", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-03T18:25:53"}, {"id": "CESA-2016:0650", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0650\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. 
A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/021839.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-accessibility\njava-1.8.0-openjdk-accessibility-debug\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0650.html", "published": "2016-04-21T15:30:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://lists.centos.org/pipermail/centos-announce/2016-April/021839.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-03T18:26:10"}, {"id": "CESA-2016:0651", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2016:0651\n\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)\n\n* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)\n\n* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)\n\n* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)\n\n* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. 
(CVE-2016-0695)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/021838.html\n\n**Affected packages:**\njava-1.8.0-openjdk\njava-1.8.0-openjdk-debug\njava-1.8.0-openjdk-demo\njava-1.8.0-openjdk-demo-debug\njava-1.8.0-openjdk-devel\njava-1.8.0-openjdk-devel-debug\njava-1.8.0-openjdk-headless\njava-1.8.0-openjdk-headless-debug\njava-1.8.0-openjdk-javadoc\njava-1.8.0-openjdk-javadoc-debug\njava-1.8.0-openjdk-src\njava-1.8.0-openjdk-src-debug\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0651.html", "published": "2016-04-21T14:19:29", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/021838.html", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2017-10-03T18:24:25"}], "gentoo": [{"id": "GLSA-201606-18", "type": "gentoo", "title": "IcedTea: Multiple vulnerabilities", "description": "### Background\n\nIcedTea\u2019s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. \n\n### Description\n\nVarious OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers may execute arbitrary code, compromise information, or cause Denial of Service. 
\n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nGentoo Security is no longer supporting dev-java/icedtea, as it has been officially dropped from the stable tree. \n\nUsers of the IcedTea 3.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-3.0.1\"\n \n\nUsers of the IcedTea 7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-7.2.6.6\"", "published": "2016-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201606-18", "cvelist": ["CVE-2016-0695", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-3422", "CVE-2016-0636", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-06T19:46:28"}], "debian": [{"id": "DSA-3558", "type": "debian", "title": "openjdk-7 -- security update", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in version 7u101-2.6.6-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.", "published": "2016-04-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3558", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", "CVE-2016-0636", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2016-09-02T18:36:17"}], "kaspersky": [{"id": "KLA10793", "type": "kaspersky", "title": "KLA10793 Multiple vulnerabilities in Oracle Java SE", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n04/19/2016\n\n### *Severity*:\nCritical\n\n### 
*Description*:\nUnspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities, malicious users can cause denial of service and loss of integrity or obtain sensitive information. These vulnerabilities can be exploited remotely via multiple vectors related to 2D, Hotspot, Serialization, JMX, Deployment, Security, JAXP and JCE sub-components.\n\n### *Affected products*:\nOracle Java SE 6 update 113 \nOracle Java SE 7 update 99 \nOracle Java SE 8 update 77 \nOracle Java SE Embedded 8 update 77 \nOracle JRockit R28.3.9\n\n### *Solution*:\nUpdate to the latest version \n[Get Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixJAVA>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle JRockit](<https://threats.kaspersky.com/en/product/Oracle-JRockit/>)\n\n### *CVE-IDS*:\n[CVE-2016-3449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3449>) \n[CVE-2016-3443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3443>) \n[CVE-2016-3427](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427>) \n[CVE-2016-3426](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3426>) \n[CVE-2016-3425](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3425>) \n[CVE-2016-3422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3422>) \n[CVE-2016-0695](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0695>) \n[CVE-2016-0687](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0687>) \n[CVE-2016-0686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0686>)", "published": "2016-04-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10793", "cvelist": ["CVE-2016-3426", "CVE-2016-0695", "CVE-2016-3427", 
"CVE-2016-3449", "CVE-2016-3422", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-3425", "CVE-2016-0686"], "lastseen": "2018-03-30T14:10:50"}], "oracle": [{"id": "ORACLE:CPUAPR2016V3-2985753", "type": "oracle", "title": "cpuapr2016v3", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 136 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n** Please note that on March 23, 2016, Oracle released [Security Alert for Java SE for CVE-2016-0636](<http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced for CVE-2016-0636. 
**\n\nPlease also note that the vulnerabilities in this Critical Patch Update are scored using versions 3.0 and 2.0 of Common Vulnerability Scoring Standard (CVSS). Future Critical Patch Updates and Security Alerts will be scored using CVSS version 3.0 only.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "published": "2016-04-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2015-4000", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0681", "CVE-2016-0641", "CVE-2014-3566", "CVE-2016-3436", "CVE-2011-4461", "CVE-2016-0697", "CVE-2015-1793", "CVE-2015-7236", "CVE-2015-3197", "CVE-2016-3457", "CVE-2016-3417", "CVE-2016-3441", "CVE-2016-3426", "CVE-2016-0699", "CVE-2016-0407", "CVE-2016-0623", "CVE-2016-0705", "CVE-2016-3423", "CVE-2013-4786", "CVE-2016-3418", "CVE-2016-0695", "CVE-2015-7181", "CVE-2015-1789", "CVE-2015-1794", "CVE-2016-3427", "CVE-2016-0682", "CVE-2016-2047", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-0677", "CVE-2014-3576", "CVE-2016-0649", "CVE-2016-0698", "CVE-2016-3462", "CVE-2016-0639", "CVE-2016-0696", "CVE-2016-0669", "CVE-2016-0692", "CVE-2016-0799", "CVE-2016-0694", "CVE-2016-3449", "CVE-2016-0469", "CVE-2016-0662", "CVE-2016-0680", "CVE-2016-0678", "CVE-2015-3194", "CVE-2015-7501", "CVE-2015-3253", "CVE-2016-3463", "CVE-2016-0646", "CVE-2016-3420", "CVE-2016-3422", "CVE-2016-3416", "CVE-2016-0674", "CVE-2016-0668", "CVE-2016-3431", "CVE-2015-3238", "CVE-2016-0797", "CVE-2015-7182", "CVE-2016-0702", "CVE-2015-2808", "CVE-2016-3419", "CVE-2015-7575", "CVE-2016-3456", "CVE-2014-2532", "CVE-2016-0679", "CVE-2016-0685", "CVE-2015-3196", "CVE-2016-0666", "CVE-2015-2721", "CVE-2015-3193", "CVE-2016-0479", 
"CVE-2016-0659", "CVE-2016-0636", "CVE-2016-0643", "CVE-2016-3454", "CVE-2016-0672", "CVE-2016-0642", "CVE-2016-3428", "CVE-2016-3443", "CVE-2016-3460", "CVE-2016-0675", "CVE-2016-0687", "CVE-2016-0652", "CVE-2016-0640", "CVE-2016-0700", "CVE-2015-7183", "CVE-2016-0638", "CVE-2016-0408", "CVE-2016-3442", "CVE-2016-0651", "CVE-2016-3461", "CVE-2016-0673", "CVE-2016-3447", "CVE-2016-0690", "CVE-2016-0665", "CVE-2016-0800", "CVE-2016-0655", "CVE-2016-0657", "CVE-2016-0684", "CVE-2016-3425", "CVE-2016-0468", "CVE-2013-2566", "CVE-2016-3464", "CVE-2015-1790", "CVE-2016-0691", "CVE-2016-3438", "CVE-2016-0686", "CVE-2016-3435", "CVE-2016-3434", "CVE-2016-0654", "CVE-2016-3455", "CVE-2016-3421", "CVE-2016-3465", "CVE-2016-3439", "CVE-2016-3429", "CVE-2016-0658", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-3437", "CVE-2016-0676", "CVE-2016-0656", "CVE-2016-0667", "CVE-2016-0683", "CVE-2016-0653", "CVE-2016-0671", "CVE-2016-0661", "CVE-2016-3466", "CVE-2016-0693", "CVE-2015-7547", "CVE-2015-4923", "CVE-2016-0688", "CVE-2016-0689", "CVE-2016-0663"], "lastseen": "2018-04-18T20:23:56"}], "myhack58": [{"id": "MYHACK58:62201681747", "type": "myhack58", "title": "Apache Tomcat multiple versions of a remote code execution CVE-2016-8735(POC)-vulnerability warning-the black bar safety net", "description": "Background description\nTomcat is by Apache Software Foundation subordinate's Jakarta a project development Servlet vessel, in accordance with Sun Microsystems to provide the technical specifications, the realization of the Servlet and JavaServer Page\uff08JSP\uff09support, and provides as a[Web server](<http://www.myhack58.com/Article/sort099/sort0100/Article_100_1.htm>)some unique functions, like Tomcat managed and controls the platform, secure domain management and the Tomcat valve and so on. Tomcat is very popular with the majority of programmers like it, because it runs out system resources occupied by small, scalable, support load balancing and Mail Service, etc. 
the development of the application system commonly used functions. \nVulnerability description\nOracle fixes JmxRemoteLifecycleListener deserialization Vulnerability(CVE-2016-3427)\u3002 Tomcat also uses the JmxRemoteLifecycleListener this listener,but the Tomcat did not timely upgrade, so there is this remote code execution vulnerability. \nAffected version: \nApache Tomcat 9.0.0. M1 to 9.0.0. M11 \nApache Tomcat 8.5.0 to 8.5.6 \nApache Tomcat 8.0.0. RC1 to 8.0.38 \nApache Tomcat 7.0.0 to 7.0.72 \nApache Tomcat 6.0.0 to 6.0.47 \n\nThe impact of the scene: \nZabbix 2.0 has been the JMX monitoring added to the system, itself, is no longer dependent on third-party tools. This is on a Tomcat application and other Java application monitoring easier. Herein, a simple description Zabbix use JMX to monitor Tomcat process. \nVulnerability verification code\uff08POC\uff09: \nTested version: tomcat version 8. 0. 36 \nconf/server. xml to increase the configuration, add the catalina-jmx-remote. jar package, modify the catalina configuration file\nF:\\HackTools\\EXP>java-cp ysoserial-master-v0.0.4.jar ysoserial. exploit. RMIRegistryExploit localhost 10001 Groovy1 calc.exe \nThis vulnerability, there are other use posture, the harm is huge, so to change the JMX password authentication is very necessary! \nPatch code: \nDiff of /tomcat/trunk/webapps/docs/changelog.xml \n
\\--- tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:28 1767643 \n+++ tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:36 1767644 \n@@ -97,6 +97,10 @@ \nStoreConfig component includes the executor name when writing the \nThe Connector configuration. (markt) \n\n\\+ \n\\+ When configuring the JMX remote listener, specify the allowed types for \n\\+ the credentials. (markt) \n\\+ \n\n\n/tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java \n\\--- tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:28 1767643 \n\n\n", "published": "2016-12-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.myhack58.com/Article/html/3/62/2016/81747.htm", "cvelist": ["CVE-2016-3427"], "lastseen": "2016-12-03T17:43:53"}], "vmware": [{"id": "VMSA-2016-0005", "type": "vmware", "title": "VMware product updates address critical and important security issues.", "description": "**a. 
Critical JMX issue when deserializing authentication credentials**\n\nThe RMI server of Oracle JRE JMX deserializes any class when deserializing authentication credentials. This may allow a remote, unauthenticated attacker to cause deserialization flaws and execute their commands.\n\n**Workarounds CVE-2016-3427**\n\nvCenter Server\n\nApply the steps of VMware Knowledge Base article 2145343 to vCenter Server 6.0 on Windows. See the table below for the specific vCenter Server 6.0 versions on Windows this applies to.\n\nvCloud Director\n\nNo workaround identified\n\nvSphere Replication\n\nNo workaround identified\n\nvRealize Operations Manager (non-appliance)\n\nThe non-appliance version of vRealize Operations Manager (vROps), which can be installed on Windows and Linux, has no default firewall. In order to remove the remote exploitation possibility, access to the following external ports will need to be blocked on the system where the non-appliance version of vROps is installed:\n\n\\- vROps 6.2.x: port 9004, 9005, 9006, 9007, 9008\n\n\\- vROps 6.1.x: port 9004, 9005, 9007, 9008\n\n\\- vROps 6.0.x: port 9004, 9005\n\nNote: These ports are already blocked by default in the appliance version of vROps.\n\nvRealize Infrastructure Navigator\n\nNo workaround identified\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-3427 to this issue.\n\nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "published": "2016-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2016-0005.html", "cvelist": ["CVE-2016-3427", "CVE-2016-2077"], "lastseen": "2016-11-22T21:24:55"}], "seebug": [{"id": "SSV:92553", "type": "seebug", "title": "Apache Tomcat Remote Code Execution\uff08CVE-2016-8735\uff09", "description": "**Update 12/04**: note that, when adding the configuration to conf/server.xml, you also need to place the catalina-jmx-remote.jar and groovy-2.3.9.jar packages in the lib directory and set CATALINA_OPTS to \"-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false\"\n\nThe following details are from the reference source: [0c0c0f](<https://mp.weixin.qq.com/s?__biz=MzAwMzI0MTMwOQ==&mid=2650173865&idx=1&sn=431e634a1350b070b54f9b5becd9a143&key=9ed31d4918c154c8af360e3955a9c76c2d28b7b700fce01b12fe1d3fe878a810323d81b26788da6aa2b6338bc6796969265d165d6a7384351359a6a75a1e5e68a3aeaa96554e3fedbc2e722d1637fcd8>)\n\nOracle fixed the JmxRemoteLifecycleListener deserialization vulnerability (CVE-2016-3427). Tomcat also uses the JmxRemoteLifecycleListener listener, but Tomcat was not updated in time, so it has this remote code execution vulnerability.\n\nAffected versions:\n\n * Apache Tomcat 9.0.0.M1 to 9.0.0.M11\n * Apache Tomcat 8.5.0 to 8.5.6\n * Apache Tomcat 8.0.0.RC1 to 8.0.38\n * Apache Tomcat 7.0.0 to 7.0.72\n * Apache Tomcat 6.0.0 to 6.0.47\n\nUnaffected versions:\n\n * Upgrade to Apache Tomcat 9.0.0.M13 or later (Apache Tomcat 9.0.0.M12 has the fix but was not released)\n * Upgrade to Apache Tomcat 8.5.8 or later (Apache Tomcat 8.5.7 has the fix but was not released)\n * Upgrade to Apache Tomcat 8.0.39 or later\n * Upgrade to Apache Tomcat 7.0.73 or later\n * Upgrade to Apache Tomcat 6.0.48 or later\n\nUsage scenario: Zabbix 2.0 added JMX monitoring to the system itself, so it no longer depends on third-party tools. This makes monitoring Tomcat and other Java applications easier. What follows briefly describes Zabbix using JMX to monitor a Tomcat process.\n\nPoC: https://github.com/frohoff/ysoserial\n\nTomcat version 8.0.36\n\nConfiguration added to conf/server.xml:\n\n`` F:\\HackTools\\EXP>java-cp ysoserial-master-v0.0.4.jar ysoserial. exploit. 
RMIRegis tryExploit localhost 10001 Groovy1 calc.exe\n\n``\n\n\n\nPatch code:\n\nDiff of /tomcat/trunk/webapps/docs/changelog.xml `Parent Directory | Revision Log | Patch --- tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/webapps/docs/changelog.xml 2016/11/02 11:57:36 1767644 @@ -97,6 +97,10 @@ StoreConfig component includes the executor name when writing the The Connector configuration. (markt) </fix> + <fix> + When configuring the JMX remote listener, specify the allowed types for + the credentials. (markt) + </fix> </changelog> </subsection>`\n\n/tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java `` Parent Directory | Revision Log | Patch \\--- tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:28 1767643 +++ tomcat/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java 2016/11/02 11:57:36 1767644 @@ -264,6 +264,10 @@ serverCsf = new RmiClientLocalhostSocketFactory(serverCsf); }\n\n * env. put(\"jmx. remote. rmi. server. credential. types\", new String[] {\n * String[]. class. getName(),\n * String. class. getName() }); \\+ // Populate the env properties used to create the server if (serverCsf != null) { env. put(RMIConnectorServer. RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf); 
@@ -328,7 +332,7 @@ cs = new RMIConnectorServer(serviceUrl, theEnv, server, The ManagementFactory. getPlatformMBeanServer()); cs. start();\n * registry. bind(\"jmxrmi\", server);\n * registry. bind(\"jmxrmi\", server. toStub()); log. info(sm. getString(\"jmxRemoteLifecycleListener. start\", Integer. toString(theRmiRegistryPort), Integer. toString(theRmiServerPort), serverName)); ``\n\nThis vulnerability can be used in other ways and the harm is huge, so changing the JMX password authentication is necessary now!\n", "published": "2016-11-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-92553", "cvelist": ["CVE-2016-3427", "CVE-2016-8735"], "lastseen": "2017-11-19T12:02:44"}], "archlinux": [{"id": "ASA-201611-22", "type": "archlinux", "title": "tomcat6: multiple issues", "description": "- CVE-2016-6816 (information disclosure)\n\nThe code that parsed the HTTP request line permitted invalid\ncharacters. This could be exploited, in conjunction with a proxy that\nalso permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating\nthe HTTP response, the attacker could poison a web-cache, perform an\nXSS attack and/or obtain sensitive information from requests other than\ntheir own.\n\n- CVE-2016-8735 (arbitrary code execution)\n\nThe JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. 
Therefore, Tomcat installations using\nthis listener remained vulnerable to a similar remote code execution\nvulnerability.", "published": "2016-11-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html", "cvelist": ["CVE-2016-3427", "CVE-2016-6816", "CVE-2016-8735"], "lastseen": "2016-11-25T13:23:06"}], "pentestit": [{"id": "PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B", "type": "pentestit", "title": "JexBoss: Java Deserialization Verification & EXploitation Tool!", "description": "I was working with a customer's Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite - has many extensions, I wanted to try something that I had not before. That's when I stumbled across **JexBoss**, which turned out to be a pretty decent [open source](<http://pentestit.com/tag/open-source/>) tool. I think _JexBoss_ is a play on Java EXploitation like a Boss wording.\n\n## What is JexBoss?\n\nJexBoss is an open source tool in Python to help you exploit and verify Java and Red Hat JBoss deserialization vulnerabilities. As we all know, serialization converts an object's state to a byte stream so that a copy of the same object can be obtained by reverting the byte stream itself. Presumably, to deserialize is to reverse serialization, i.e. taking the serialized data to rebuild it into the original object. 
This problem is trivial in Java as there are no checks on the classes that can be deserialized.\n\n## Features of JexBoss:\n\nThe tool and exploits were developed and tested for:\n\n * JBoss Application Server versions: 3, 4, 5 and 6.\n * Java Deserialization Vulnerabilities in multiple Java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), DNS gadget, Remote JMX (CVE-2016-3427, CVE-2016-8735), Apache Struts2 Jakarta Multipart parser CVE-2017-5638, etc.)\n * Supported exploitation vectors are: \n * /_admin-console_: Tested and working in JBoss versions 5 and 6.\n * /_jmx-console_: Tested and working in JBoss versions 4, 5 and 6.\n * /_jmx-console_/_HtmlAdaptor_: Tested and working in JBoss versions 4, 5 and 6.\n * /_web-console_/_Invoker_: Tested and working in JBoss versions 4, 5 and 6.\n * /_invoker_/_JMXInvokerServlet_: Tested and working in JBoss versions 4, 5 and 6.\n * Application Deserialization: Tested and working against multiple Java applications, platforms, etc, via HTTP POST Parameters.\n * Servlet Deserialization: Tested and working against multiple Java applications, platforms, etc, via servlets that process serialized objects.\n * Apache Struts2 Jakarta Multipart ([CVE-2017-5638](<http://pentestit.com/tag/CVE-2017-5638/>)): Tested against Apache Struts 2 applications.\n * Tries to authenticate to /_admin-console_/_login.seam_ using default user name and password - admin:admin.\n * Sends exploits with proper headers alternating with random User-Agent string.\n * Proxy support.\n * Auto scan and file scan modes.\n\nWith the auto scan and file scan modes, you can leverage this tool to launch a mass-scan against your own network in a short duration of time. Additionally, a payload also allows you to gain access to a reverse shell with Metasploit meterpreter support. More good news is that JexBoss is Python 2 & Python 3 compatible. 
It also includes an auto-updater.\n\n## Download JexBoss:\n\nAs always, the current version - JexBoss version 1.2.4 - can be obtained by checking out the GIT repository from [**here**](<https://github.com/joaomatosf/jexboss>).", "published": "2017-08-11T06:52:45", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://pentestit.com/jexboss-java-deserialization-verification-exploitation-tool/", "cvelist": ["CVE-2015-5317", "CVE-2016-3427", "CVE-2016-8735", "CVE-2017-5638"], "lastseen": "2017-08-11T08:07:48"}], "aix": [{"id": "JAVA_APRIL2016_ADVISORY.ASC", "type": "aix", "title": "Multiple vulnerabilities in IBM Java SDK affect AIX", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri May 6 09:00:55 CDT 2016\n|Updated: Wed May 18 16:18:05 CDT 2016 \n|Update: New Java 6 packages provided with version number 6.0.16.26.\n| Fileset levels less than 6.0.0.561 are vulnerable.\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/java_april2016_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/java_april2016_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_april2016_advisory.asc\n\n \nSecurity Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX\n CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449\n CVE-2016-3422 CVE-2016-3426 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in IBM SDK Java Technology Edition,\n Versions 6, 7, 7.1, 8 that are used by AIX. 
These issues were disclosed\n as part of the IBM Java SDK updates in April 2016.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2016-3443 \n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the\n 2D component has complete confidentiality impact, complete integrity\n impact, and complete availability impact.\n CVSS Base Score: 10 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112452 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-0687\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE\n Embedded related to the Hotspot component has complete\n confidentiality impact, complete integrity impact, and complete\n availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112455 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-0686\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE\n Embedded related to the Serialization component has complete\n confidentiality impact, complete integrity impact, and complete\n availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112456 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-3427\n DESCRIPTION: An unspecified vulnerability in Oracle Java, SE Java SE\n Embedded and JRockit related to the JMX component has complete\n confidentiality impact, complete integrity impact, and complete\n availability impact.\n CVSS Base Score: 10\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: 
(AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-3449\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the\n Deployment component has complete confidentiality impact, complete\n integrity impact, and complete availability impact.\n CVSS Base Score: 7.6\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112453 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-3422\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the\n 2D component could allow a remote attacker to cause a denial of\n service resulting in a partial availability impact using unknown\n attack vectors.\n CVSS Base Score: 5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112454 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVEID: CVE-2016-3426\n DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE\n Embedded related to the JCE component could allow a remote attacker to\n obtain sensitive information resulting in a partial confidentiality\n impact using unknown attack vectors.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVEID: CVE-2016-0264\n DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates\n arbitrary code execution under certain limited circumstances.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n CVEID: CVE-2016-0363\n DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in\n the IBM ORB implementation that may allow untrusted 
code running under\n a security manager to elevate its privileges. This vulnerability was\n originally reported as CVE-2013-3009.\n CVSS Base Score: 8.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2016-0376\n DESCRIPTION: A vulnerability in IBM Java SDK could allow a remote attacker\n to execute arbitrary code on the system. This vulnerability allows\n code running under a security manager to escalate its privileges by\n modifying or removing the security manager. This vulnerability was\n originally reported as CVE-2013-5456.\n CVSS Base Score: 8.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/112152 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n\n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels (VRMF) are vulnerable, if the \n respective Java version is installed:\n| For Java6: Less than 6.0.0.561 and including Service Refresh 16,\n| Fix Pack 25.\n For Java7: Less than 7.0.0.370\n For Java7.1: Less than 7.1.0.250\n For Java8: Less than 8.0.0.130\n\n Note: to find out whether the affected Java filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i java\n\n\n REMEDIATION:\n\n| IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix \n| Pack 26 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: 
https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix\n Pack 40 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3\n Fix Pack 40 and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all\n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all \n\n IBM SDK, Java Technology Edition, Version 8 Service Refresh 3\n and subsequent releases:\n 32-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n 64-bit: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n 
None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v2 Guide:\n http://www.first.org/cvss/v2/guide \n On-line Calculator v2:\n http://nvd.nist.gov/CVSS-v2-Calculator \n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide \n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0 \n IBM Java SDK Security Bulletin:\n http://www-01.ibm.com/support/docview.wss?uid=swg21980826\n\n\nACKNOWLEDGEMENTS:\n\n CVE-2016-0363 and CVE-2016-0376 were reported by Adam Gowdiak of\n Security Explorations. 
\n\n\nCHANGE HISTORY:\n\n First Issued: Fri May 6 09:00:55 CDT 2016\n Updated: Wed May 11 09:31:56 CDT 2016\n Update: New Java 6 packages provided with version number 6.0.16.26.\n| Updated: Wed May 18 16:18:05 CDT 2016\n| Update: New Java 6 packages provided with version number 6.0.16.26.\n| Fileset levels less than 6.0.0.561 are vulnerable.\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n \n\n\n", "published": "2016-05-06T09:00:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://aix.software.ibm.com/aix/efixes/security/java_april2016_advisory.asc", "cvelist": ["CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3449", "CVE-2016-0363", "CVE-2016-3422", "CVE-2013-3009", "CVE-2016-3443", "CVE-2016-0687", "CVE-2016-0376", "CVE-2013-5456", "CVE-2016-0686", "CVE-2016-0264"], "lastseen": "2016-10-24T17:48:11"}], "impervablog": [{"id": "IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7", "type": "impervablog", "title": "Deserialization Attacks Surge Motivated by Illegal Crypto-mining", "description": "Imperva\u2019s research group is constantly monitoring new web application vulnerabilities. In doing so, we\u2019ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year.\n\nOur analysis shows that, in the past three months, the number of deserialization attacks has grown by 300 percent on average, turning them into a serious security risk to web applications.\n\nTo make things worse, many of these attacks are now launched with the intent of installing crypto-mining malware on vulnerable web servers, which gridlocks their CPU usage.\n\nIn this blog post we will explain what insecure deserialization vulnerabilities are, show the growing trend of attacks exploiting these vulnerabilities and explain what attackers do to exploit them (including real-life attack examples).\n\n## What Is Serialization?\n\nThe process of serialization converts a \u201clive\u201d object (structure and/or state), like a Java object, into a format that can be sent over the network, or stored in memory or on disk. 
Deserialization converts the format back into a \u201clive\u201d object.\n\nThe purpose of serialization is to preserve an object, meaning that the object will exist outside the lifetime of the local machine on which it is created.\n\nFor example, when withdrawing money from an ATM, the information of the account holder and the required operation is stored in a local object. Before this object is sent to the main server, it is serialized in order to perform and approve the needed operations. The server then deserializes the object to complete the operation.\n\n## Types of Serialization\n\nThere are many types of [serialization](<https://en.wikipedia.org/wiki/Serialization#Serialization_formats>) available, depending on the object which is being serialized and on the purpose. Almost all modern programming languages support serialization. In Java for example an object is converted into a compact representation using byte stream, and the byte stream can then be reverted back into a copy of that object.\n\nOther types of serialization include converting an object into a hierarchical format like JSON or XML. 
The advantage of this serialization is that the serialized objects can be read as plain text, instead of a byte stream.\n\n## Deserialization Vulnerabilities from the Past Three Months\n\nIn the [OWASP top 10 security risks of 2017](<https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf>) insecure deserialization came in at [eighth place](<https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization>) and rightfully so as we argued in our [previous blog](<https://www.imperva.com/blog/2017/12/the-state-of-web-application-vulnerabilities-in-2017/>) about the state of web application vulnerabilities in 2017.\n\nIn 2017, major new vulnerabilities related to insecure serialization, mostly in Java, were published (see Figure 1).\n\n**Name** | **Release Date (Day/Month/Year)** | **Vulnerability details** \n---|---|--- \nCVE-2017-12149 | 01/08/2017 | Vulnerability in the JBoss Application Server allows execution of arbitrary code via crafted serialized data because the HTTP Invoker does not restrict classes for which it performs deserialization \nCVE-2017-10271 | 21/06/2017 | Vulnerability in the Oracle WebLogic Server allows execution of arbitrary code due to insufficient sanitizing of user supplied inputs in the wls-wsat component \nCVE-2017-9805\n\n | 21/06/2017 | The REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. \nCVE-2017-7504 | 05/04/2017 | The HTTPServerILServlet.java in JMS allows remote attackers to execute arbitrary code via crafted serialized data because it does not restrict the classes for which it performs deserialization \n \n_Figure 1: CVEs related to insecure deserialization_\n\nIn order to understand the magnitude of these vulnerabilities, we analyzed attacks from the past three months (October to December of 2017) that try to exploit insecure deserialization. 
A key observation is the _steep_ increase of deserialization attacks in the past few months, as can be seen in the Figure 2.\n\n \n_Figure 2: Insecure deserialization attacks over the course of three months_\n\nMost of the attackers used no attack vectors other than insecure deserialization. We noticed that each attacker was trying to exploit different vulnerabilities, with the above-mentioned CVEs being the most prevalent.\n\nFor a full list of CVEs related to insecure deserialization from the past few years see Figure 3.\n\n**Name** | **Relevant System** | **Public Exploit** | **Name** | **Relevant System** | **Public Exploit** \n---|---|---|---|---|--- \nCVE-2017-9844 | SAP NetWeaver | Yes | CVE-2016-2170 | Apache OFBiz | No \nCVE-2017-9830 | Code42 CrashPlan | No | CVE-2016-2003 | HP P9000, XP7 Command View Advanced Edition (CVAE) Suite | No \nCVE-2017-9805 | Apache Struts | Yes | CVE-2016-2000 | HP Asset Manager | No \nCVE-2017-7504 | Red Hat JBoss | Yes | CVE-2016-1999 | HP Release Control | No \nCVE-2017-5878 | Apache OpenMeetings | Yes | CVE-2016-1998 | HP Service Manager | No \nCVE-2017-5645 | Apache Log4j | No | CVE-2016-1997 | HP Operations Orchestration | No \nCVE-2017-5641 | Apache BlazeDS | Yes | CVE-2016-1986 | HP Continuous Delivery Automation | No \nCVE-2017-5586 | OpenText Documentum D2 | Yes | CVE-2016-1985 | HP Operations Manager | No \nCVE-2017-3159 | Apache Camel | Yes | CVE-2016-1487 | Lexmark Markvision Enterprise | No \nCVE-2017-3066 | Adobe ColdFusion | Yes | CVE-2016-1291 | Cisco Prime Infrastructure | Yes \nCVE-2017-2608 | Jenkins | Yes | CVE-2016-0958 | Adobe Experience Manager | No \nCVE-2017-12149 | Red Hat JBoss | Yes | CVE-2016-0788 | Jenkins | Yes \nCVE-2017-11284 | Adobe ColdFusion | No | CVE-2016-0779 | Apache TomEE | No \nCVE-2017-11283 | Adobe ColdFusion | No | CVE-2016-0714 | Apache Tomcat | No \nCVE-2017-1000353 | CloudBees Jenkins | Yes | CVE-2015-8765 | McAfee ePolicy Orchestrator | No \nCVE-2016-9606 | Resteasy | Yes | 
CVE-2015-8581 | Apache TomEE | No \nCVE-2016-9299 | Jenkins | Yes | CVE-2015-8545 | NetApp | No \nCVE-2016-8749 | Jackson (JSON) | Yes | CVE-2015-8360 | Atlassian Bamboo | No \nCVE-2016-8744 | Apache Brooklyn | Yes | CVE-2015-8238 | Unify OpenScape | No \nCVE-2016-8735 | Apache Tomcat JMX | Yes | CVE-2015-8237 | Unify OpenScape | No \nCVE-2016-7462 | VMWare vRealize Operations | No | CVE-2015-8103 | Jenkins | Yes \nCVE-2016-6809 | Apache Tika | No | CVE-2015-7501 | Red Hat JBoss | Yes \nCVE-2016-5229 | Atlassian Bamboo | Yes | CVE-2015-7501 | Oracle Application Testing Suite | No \nCVE-2016-5004 | Apache Archiva | Yes | CVE-2015-7450 | IBM Websphere | Yes \nCVE-2016-4385 | HP Network Automation | No | CVE-2015-7253 | Commvault Edge Server | Yes \nCVE-2016-4372 | HP iMC | No | CVE-2015-6934 | VMWare vCenter/vRealize | No \nCVE-2016-3642 | Solarwinds Virtualization Manager | Yes | CVE-2015-6576 | Atlassian Bamboo | No \nCVE-2016-3461 | Oracle MySQL Enterprise Monitor | Yes | CVE-2015-6555 | Symantec Endpoint Protection Manager | Yes \nCVE-2016-3427 | JMX | Yes | CVE-2015-6420 | Cisco (various frameworks) | No \nCVE-2016-3415 | Zimbra Collaboration | No | CVE-2015-5348 | Apache Camel | No \nCVE-2016-2510 | Red Hat JBoss BPM Suite | No | CVE-2015-5254 | Apache ActiveMQ | No \nCVE-2016-2173 | Spring AMPQ | No | CVE-2015-4852 | Oracle WebLogic | Yes \nCVE-2016-2170 | Apache OFBiz | No | CVE-2015-3253 | Jenkins | Yes \nCVE-2016-2003 | HP P9000, XP7 Command View Advanced Edition (CVAE) Suite | No | CVE-2012-4858 | IBM Congnos BI | No \n \n_Figure 3: CVEs related to insecure deserialization_\n\n## Deserialization Attacks in the Wild\n\nMost of the attacks that we saw are related to byte-stream serialization of Java objects. 
We also saw some attacks related to serialization to XML and other formats (see Figure 4).\n\n \n_Figure 4: Distribution of vulnerabilities over different serialization formats_\n\nIn the following attack (see Figure 5) the attacker is trying to exploit CVE-2017-10271. The payload is sent in the HTTP request\u2019s body using a serialized Java object through XML representation.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/2018/01/Attack-vector-containing-serialized-java-array-into-XML-fig-5.png>)\n\n_Figure 5: Attack vector containing a serialized Java array in XML_\n\nThe fact that this is a Java array can be seen from the hierarchical structure of the parameters, with the suffix of **\u201cjava/void/array/void/string\u201d**. The attacker is trying to run a bash script on the attacked server.\n\nThis bash script tries to send an HTTP request using the \u201cwget\u201d OS command, download a shell script disguised as a picture file (note the jpg file extension) and run it. A few interesting observations can be made by examining this command:\n\n * The existence of shell and \u201cwget\u201d commands indicates that this payload is targeting Linux systems\n * Using a picture file extension is usually done to evade security controls\n * The **\u201c-q\u201d** parameter to \u201cwget\u201d stands for \u201cquiet\u201d, which means that \u201cwget\u201d will have no output to the console, hence it will be harder to note that such a request was even made. 
Once the downloaded script runs, the server is infected with crypto mining malware that tries to mine Monero digital coins (a cryptocurrency similar to Bitcoin).\n\nThe next script (see Figure 6) tries to exploit the same vulnerability, but this time the payload targets Windows servers, using cmd.exe and PowerShell commands to download the malware and run it.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/2018/01/Attack-vector-infect-Windows-server-with-crypto-mining-malware-fig-6.png>)\n\n_Figure 6: Attack vector trying to infect Windows server with crypto mining malware_\n\nThis indicates that there are two different infection methods for Windows and Linux servers, each system with its designated script.\n\nAnother example is the following payload (Figure 7) that we pulled from an attack trying to exploit a [deserialization vulnerability](<http://seclists.org/oss-sec/2016/q1/461>) with a Java serialized object.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/2018/01/Attack-vector-containing-java-serialized-object.jpg>)\n\n_Figure 7: Attack vector containing a Java serialized object trying to download a crypto miner_\n\nThe \u201cbad\u201d encoding is an artifact of Java serialization, where the object is represented in the byte stream.\n\nStill, we can see a script in plain text marked in yellow. Shown as an image below is a variable that defines an internal field separator, which in this case is just a variable for a space. 
The variable is probably used instead of a space to try to make the payload harder to detect.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/2018/01/insert-into-paragraph.jpg>)\n\nJust as in the previous examples, this Bash script targets Linux servers and sends an HTTP request using \u201cwget\u201d to download a crypto miner.\n\n## Beyond Insecure Deserialization\n\nThe common denominator of the attacks above is that attackers are trying to infect the server with crypto mining malware by using an insecure deserialization vulnerability. However, insecure deserialization is not the only method to achieve this goal.\n\nBelow (Figure 8) we see an example of another attack payload, this time in the \u201cContent-Type\u201d header.\n\n[](<https://www.imperva.com/blog/wp-content/uploads/2018/01/Attack-vector-using-RCE-vulnerability-of-Apache-Struts-fig-8.jpg>)\n\n_Figure 8: Attack vector using an RCE vulnerability of Apache Struts_\n\nThis attack tries to exploit **CVE-2017-5638**, a well-known RCE vulnerability related to Apache Struts which was published in March 2017 and was covered in a [previous blog post](<https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/>).\n\nWhen it was originally published, we saw no indications of crypto miners in the attacks\u2019 payloads related to this CVE, and most of the payloads were reconnaissance attacks.\n\nHowever, in this attack the payload (marked in yellow above) is very similar to the payload from the previous example. 
Using the same remote server and the exact same script, it infected the server with crypto mining malware.\n\nThis old attack method with a new payload suggests a new trend in the cyber arena \u2013 attackers try to exploit RCE vulnerabilities, new and old, to turn vulnerable servers into crypto miners and get a faster ROI for their \u201ceffort\u201d.\n\n## Recommendations\n\nGiven the many new vulnerabilities related to insecure deserialization that were discovered this year, and its appearance in the OWASP top 10 security risks, we expect to see newer related vulnerabilities released in 2018. In the meantime, organizations using affected servers are advised to use the latest patch to mitigate these vulnerabilities.\n\nAn alternative to manual patching is virtual patching. Virtual patching actively protects web applications from attacks, reducing the window of exposure and decreasing the cost of emergency patches and fix cycles.\n\nA WAF that provides virtual patching doesn\u2019t interfere with the normal application workflow, and keeps the site protected while allowing the site owners to control the patching process timeline.", "published": "2018-01-24T17:45:08", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.imperva.com/blog/2018/01/deserialization-attacks-surge-motivated-by-illegal-crypto-mining/", "cvelist": ["CVE-2012-4858", "CVE-2015-3253", "CVE-2015-4852", "CVE-2015-5254", "CVE-2015-5348", "CVE-2015-6420", "CVE-2015-6555", "CVE-2015-6576", "CVE-2015-6934", "CVE-2015-7253", "CVE-2015-7450", "CVE-2015-7501", "CVE-2015-8103", "CVE-2015-8237", "CVE-2015-8238", "CVE-2015-8360", "CVE-2015-8545", "CVE-2015-8581", "CVE-2015-8765", "CVE-2016-0714", "CVE-2016-0779", "CVE-2016-0788", "CVE-2016-0958", 
"CVE-2016-1291", "CVE-2016-1487", "CVE-2016-1985", "CVE-2016-1986", "CVE-2016-1997", "CVE-2016-1998", "CVE-2016-1999", "CVE-2016-2000", "CVE-2016-2003", "CVE-2016-2170", "CVE-2016-2173", "CVE-2016-2510", "CVE-2016-3415", "CVE-2016-3427", "CVE-2016-3461", "CVE-2016-3642", "CVE-2016-4372", "CVE-2016-4385", "CVE-2016-5004", "CVE-2016-5229", "CVE-2016-6809", "CVE-2016-7462", "CVE-2016-8735", "CVE-2016-8744", "CVE-2016-8749", "CVE-2016-9299", "CVE-2016-9606", "CVE-2017-1000353", "CVE-2017-10271", "CVE-2017-11283", "CVE-2017-11284", "CVE-2017-12149", "CVE-2017-2608", "CVE-2017-3066", "CVE-2017-3159", "CVE-2017-5586", "CVE-2017-5638", "CVE-2017-5641", "CVE-2017-5645", "CVE-2017-5878", "CVE-2017-7504", "CVE-2017-9805", "CVE-2017-9830", "CVE-2017-9844"], "lastseen": "2018-01-25T09:59:26"}]}}