nessus — This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof. — SUN_JAVA_JRE_JPIEXP32_DOS.NASL
History: Feb 01, 2008 - 12:00 a.m.

Sun Java JRE jpiexp32.dll NULL Pointer Remote DoS

2008-02-01 00:00:00
This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in ‘jpiexp32.dll’ that can lead to a NULL pointer exception when an HTML object references a Java applet but does not define the ‘name’ attribute. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to cause the JRE and Internet Explorer to crash.

#%NASL_MIN_LEVEL 70300
#
#  (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when 'description' is set, the script only declares its
# metadata (IDs, references, text, scoring, dependencies) and exits; the
# version check further down the file does not run in this phase.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(30148);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # External identifiers for the issue being reported.
  script_cve_id("CVE-2007-0012");
  script_bugtraq_id(27185);

  script_name(english:"Sun Java JRE jpiexp32.dll NULL Pointer Remote DoS");

  # Text shown in the finding. The description states that the result is based
  # on the installed version number, not on triggering the crash.
  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is prone to a denial
of service attack.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the Sun Java Runtime Environment
(JRE) installed on the remote host reportedly contains an issue in
'jpiexp32.dll' that can lead to a NULL pointer exception when an HTML
object references a Java applet but does not define the 'name'
attribute.  If a remote attacker can trick a user on the affected host
into visiting a specially crafted web page, this issue could be 
leveraged to cause the JRE and Internet Explorer to crash.");
  script_set_attribute(attribute:"see_also", value:"http://research.corsaire.com/advisories/c060905-002.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/485942/100/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Sun Java 2 JDK and JRE 5.0 update 14 or later.");
  # Scoring: both vectors rate the impact as availability-only (A:P / A:L);
  # the CVSS3 vector records the required user interaction explicitly (UI:R).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # NOTE(review): the description speaks of a NULL pointer exception; CWE-476
  # may be a closer fit than CWE-20 - confirm against the CVE record.
  script_cwe_id(20);

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/01");

  # Declared as a 'local' check: the finding is derived from the KB data
  # required below, so it is only as accurate as that inventory.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check below reads SMB/Java/JRE/* KB entries, so it declares the
  # JRE inventory plugin as a dependency and requires its 'Installed' key.
  script_dependencies("sun_java_jre_installed.nasl");
  script_require_keys("SMB/Java/JRE/Installed");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


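# Check each installed JRE.
#
# Every KB key under SMB/Java/JRE/ is examined; the part after the prefix is
# treated as the version string and the stored value(s) as install paths.
# Sets three script-level variables used by the reporting code:
#   info               - report text for affected installs ("" if none)
#   vuln               - number of affected install paths
#   installed_versions - " & "-separated list of every numeric version seen
installs = get_kb_list("SMB/Java/JRE/*");
if (isnull(installs)) exit(1, "The 'SMB/Java/JRE/' KB item is missing.");

info = "";
vuln = 0;
installed_versions = "";

foreach install (list_uniq(keys(installs)))
{
  ver = install - "SMB/Java/JRE/";

  # Only keys whose suffix starts like a version number are listed; other
  # keys under the same prefix (e.g. the required 'Installed' key) are skipped.
  if (ver =~ "^[0-9.]+")
    installed_versions = installed_versions + " & " + ver;

  # Affected: 1.5.0 updates 00 through 13 (fixed in 1.5.0_14).
  # The update number must be followed by a non-digit or the end of the
  # string. The previous optional class "[^0-9]?" constrained nothing, so a
  # longer update number (constructed example: "1.5.0_130") would have been
  # read as update 13 and reported as affected.
  if (ver =~ "^1\.5\.0_(0[0-9]|1[0-3])([^0-9]|$)")
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n  Path              : ' + dir;

    info += '\n  Installed version : ' + ver;
    info += '\n  Fixed version     : 1.5.0_14\n';
  }
}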


# Report if any were found to be vulnerable.
#
# No affected install: leave an audit message naming the versions that were
# seen, using singular or plural wording depending on how many there were.
if (!info)
{
  # Drop the leading " & " separator added while the list was built.
  installed_versions = substr(installed_versions, 3);
  if (" & " >< installed_versions)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}

# At least one affected install: raise the finding on the SMB transport
# port recorded in the KB, falling back to 445 when none is recorded.
port = get_kb_item("SMB/transport");
if (!port) port = 445;

if (report_verbosity > 0)
{
  # Pick the noun phrase that matches the number of affected paths.
  if (vuln > 1) plural_tail = "s of Java are";
  else plural_tail = " of Java is";

  report_text = '\n' + 'The following vulnerable instance'+plural_tail+' installed on the\n';
  report_text = report_text + 'remote host :\n' + info;
  security_warning(port:port, extra:report_text);
}
else security_warning(port);

exit(0);
Vendor | Product | Version | CPE
oracle | jre | - | cpe:/a:oracle:jre