{"id": "SUSE_11_3_ICEDTEA-WEB-110721.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)", "description": "This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information leak allows unsigned Web Start applications to determine the path to the cache directory used to store downloaded class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web Start application could manipulate content of the security warning dialog message to show different file name in prompts.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75528", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=704309", "http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html"], "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "type": "nessus", "lastseen": "2018-09-01T23:34:59", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "p-cpe:/a:novell:opensuse:icedtea-web", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information leak allows unsigned Web Start applications to determine the path to the cache directory used to store downloaded class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web Start application could manipulate content of the security warning dialog message to show different file name in prompts.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e4ffe2f9ea44160d12d863daf35309fb49e5ee19606c3a4abc486de78a447f4f", "hashmap": [{"hash": "2e8e84c91b8d6fedc67bed691465ea6f", "key": "sourceData"}, {"hash": "ecd5fc45296715ea6c4c15734b84b65d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1a6f71114b08c88acc5e08f5552d2082", "key": "cpe"}, {"hash": "c469b49eb9e4009bd91fa7f5f13c91b2", "key": "pluginID"}, {"hash": "517a85e900aacc23358d1e86ab16f531", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0f8a258758a02071b6e7c0c85982c7ce", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "fa652820ce7b209653c33ca07c8e0b1d", "key": "cvelist"}, {"hash": "9bb35dc09393feef97880f3c0f3af337", "key": "title"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75528", "id": "SUSE_11_3_ICEDTEA-WEB-110721.NASL", "lastseen": "2017-10-29T13:34:12", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75528", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=704309", "http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icedtea-web-4910.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75528);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)\");\n script_summary(english:\"Check for the icedtea-web-4910 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information\n leak allows unsigned Web Start applications to determine\n the path to the cache directory used to store downloaded\n class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web\n Start application could manipulate content of the\n security warning dialog message to show different file\n name in prompts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704309\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-1.1-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-javadoc-1.1-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:34:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information leak allows unsigned Web Start applications to determine the path to the cache directory used to store downloaded class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web Start application could manipulate content of the security warning dialog message to show different file name in prompts.", "edition": 1, "enchantments": {}, "hash": "f68c35473611442bb474a3ca35aabe05108377e17d121ce95c517c2ad21e3c59", "hashmap": [{"hash": "2e8e84c91b8d6fedc67bed691465ea6f", "key": "sourceData"}, {"hash": "ecd5fc45296715ea6c4c15734b84b65d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c469b49eb9e4009bd91fa7f5f13c91b2", "key": "pluginID"}, {"hash": "517a85e900aacc23358d1e86ab16f531", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0f8a258758a02071b6e7c0c85982c7ce", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "fa652820ce7b209653c33ca07c8e0b1d", "key": "cvelist"}, {"hash": "9bb35dc09393feef97880f3c0f3af337", "key": "title"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75528", "id": "SUSE_11_3_ICEDTEA-WEB-110721.NASL", "lastseen": "2016-09-26T17:23:27", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "75528", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=704309", "http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icedtea-web-4910.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75528);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)\");\n script_summary(english:\"Check for the icedtea-web-4910 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information\n leak allows unsigned Web Start applications to determine\n the path to the cache directory used to store downloaded\n class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web\n Start application could manipulate content of the\n security warning dialog message to show different file\n name in prompts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704309\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-1.1-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-javadoc-1.1-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:27"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "p-cpe:/a:novell:opensuse:icedtea-web", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information leak allows unsigned Web Start applications to determine the path to the cache directory used to store downloaded class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web Start application could manipulate content of the security warning dialog message to show different file name in prompts.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "27f41f37a69524d71b8582bd33d072b426a0f94914d3de3413bccf5ba8c2a67a", "hashmap": [{"hash": "2e8e84c91b8d6fedc67bed691465ea6f", "key": "sourceData"}, {"hash": "ecd5fc45296715ea6c4c15734b84b65d", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1a6f71114b08c88acc5e08f5552d2082", "key": "cpe"}, {"hash": "c469b49eb9e4009bd91fa7f5f13c91b2", "key": "pluginID"}, {"hash": "517a85e900aacc23358d1e86ab16f531", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0f8a258758a02071b6e7c0c85982c7ce", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "fa652820ce7b209653c33ca07c8e0b1d", "key": "cvelist"}, {"hash": "9bb35dc09393feef97880f3c0f3af337", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75528", "id": "SUSE_11_3_ICEDTEA-WEB-110721.NASL", "lastseen": "2018-08-30T19:32:12", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75528", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=704309", "http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icedtea-web-4910.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75528);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)\");\n script_summary(english:\"Check for the icedtea-web-4910 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information\n leak allows unsigned Web Start applications to determine\n the path to the cache directory used to store downloaded\n class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web\n Start application could manipulate content of the\n security warning dialog message to show different file\n name in prompts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704309\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-1.1-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-javadoc-1.1-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:32:12"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1a6f71114b08c88acc5e08f5552d2082"}, {"key": "cvelist", "hash": "fa652820ce7b209653c33ca07c8e0b1d"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "ecd5fc45296715ea6c4c15734b84b65d"}, {"key": "href", "hash": "0f8a258758a02071b6e7c0c85982c7ce"}, {"key": "modified", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "c469b49eb9e4009bd91fa7f5f13c91b2"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "517a85e900aacc23358d1e86ab16f531"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "2e8e84c91b8d6fedc67bed691465ea6f"}, {"key": "title", "hash": "9bb35dc09393feef97880f3c0f3af337"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e4ffe2f9ea44160d12d863daf35309fb49e5ee19606c3a4abc486de78a447f4f", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icedtea-web-4910.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75528);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)\");\n script_summary(english:\"Check for the icedtea-web-4910 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information\n leak allows unsigned Web Start applications to determine\n the path to the cache directory used to store downloaded\n class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web\n Start application could manipulate content of the\n security warning dialog message to show different file\n name in prompts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704309\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-1.1-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"icedtea-web-javadoc-1.1-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75528", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "p-cpe:/a:novell:opensuse:icedtea-web", "cpe:/o:novell:opensuse:11.3"]}

{"cve": [{"lastseen": "2016-09-03T15:28:07", "references": ["http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html", "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html", "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/512de5d90388", "http://ubuntu.com/usn/usn-1178-1", "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "https://bugzilla.redhat.com/show_bug.cgi?id=718170", "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b99f9a9769e0", "http://securitytracker.com/id?1025854"], "edition": 1, "description": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.", "reporter": "NVD", "published": "2014-05-13T20:55:04", "title": "CVE-2011-2514", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:28:07", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-2514"], "scanner": [], "modified": "2014-06-25T14:10:18", "cpe": ["cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:redhat:icedtea6:1.9.2", "cpe:/a:redhat:icedtea6:1.9.5", "cpe:/a:redhat:icedtea6:1.9.6", "cpe:/a:redhat:icedtea6:1.9.1", "cpe:/a:redhat:icedtea6:1.8.7", "cpe:/a:redhat:icedtea6:1.8.5", "cpe:/a:redhat:icedtea6:1.8.3", "cpe:/a:redhat:icedtea-web:1.0.1", "cpe:/a:redhat:icedtea6:1.8.1", "cpe:/a:redhat:icedtea-web:1.0.2", "cpe:/a:redhat:icedtea6:1.8.8", "cpe:/a:redhat:icedtea6:1.9.3", "cpe:/a:redhat:icedtea6:1.8.6", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea6:1.9.7", "cpe:/a:redhat:icedtea6:1.8.2", "cpe:/a:redhat:icedtea6:1.8.4", "cpe:/a:redhat:icedtea6:1.9.8", "cpe:/a:redhat:icedtea6:1.8", "cpe:/a:redhat:icedtea-web:1.0.3", "cpe:/a:redhat:icedtea6:1.9.4"], "id": "CVE-2011-2514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2514", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T15:28:05", "references": ["http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html", "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html", "http://ubuntu.com/usn/usn-1178-1", "http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04", "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "http://securitytracker.com/id?1025854", "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227"], "edition": 1, "description": "The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.", "reporter": "NVD", "published": "2014-05-13T20:55:04", "title": "CVE-2011-2513", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:28:05", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-2513"], "scanner": [], "modified": "2014-06-25T14:09:28", "cpe": ["cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:redhat:icedtea6:1.9.2", "cpe:/a:redhat:icedtea6:1.9.5", "cpe:/a:redhat:icedtea6:1.9.6", "cpe:/a:redhat:icedtea6:1.9.1", "cpe:/a:redhat:icedtea6:1.8.7", "cpe:/a:redhat:icedtea6:1.8.5", "cpe:/a:redhat:icedtea6:1.8.3", "cpe:/a:redhat:icedtea-web:1.0.1", "cpe:/a:redhat:icedtea6:1.8.1", "cpe:/a:redhat:icedtea-web:1.0.2", "cpe:/a:redhat:icedtea6:1.8.8", "cpe:/a:redhat:icedtea6:1.9.3", "cpe:/a:redhat:icedtea6:1.8.6", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea6:1.9.7", "cpe:/a:redhat:icedtea6:1.8.2", "cpe:/a:redhat:icedtea6:1.8.4", "cpe:/a:redhat:icedtea6:1.9.8", "cpe:/a:redhat:icedtea6:1.8", "cpe:/a:redhat:icedtea-web:1.0.3", "cpe:/a:redhat:icedtea6:1.9.4"], "id": "CVE-2011-2513", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2513", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:31", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-2513", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-2514"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.9-0ubuntu1~10.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.9-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "1.1.1-0ubuntu1~11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-netx", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "1.1.1-0ubuntu1~11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-plugin", "operator": "lt"}], "description": "Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user\u2019s name and home directory path. (CVE-2011-2513)\n\nOmair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. (CVE-2011-2514)", "edition": 3, "reporter": "Ubuntu", "published": "2011-07-27T00:00:00", "title": "IcedTea-Web, OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2011-07-27T00:00:00", "id": "USN-1178-1", "href": "https://usn.ubuntu.com/1178-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-02T00:03:07", "references": ["1178-1", "http://www.ubuntu.com/usn/usn-1178-1/"], "pluginID": "1361412562310840712", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1178-1", "edition": 5, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-02T00:00:00", "title": "Ubuntu Update for icedtea-web USN-1178-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310840712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1178_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for icedtea-web USN-1178-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1178-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840712\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1178-1\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_name(\"Ubuntu Update for icedtea-web USN-1178-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1178-1\");\n script_tag(name:\"affected\", value:\"icedtea-web on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Omair Majid discovered that an unsigned Web Start application\n or applet could determine the path to the cache directory used\n to store downloaded class and jar files by querying class loader\n properties. This could allow a remote attacker to discover a user's\n name and home directory path. (CVE-2011-2513)\n\n Omair Majid discovered that an unsigned Web Start application could\n manipulate the content of the security warning dialog message to show\n different file names in prompts. This could allow a remote attacker\n to confuse a user into granting access to a different file than they\n believe they are granting access to. This issue only affected Ubuntu\n 11.04. (CVE-2011-2514)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.9-0ubuntu1~10.10.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.9-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.1.1-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-plugin\", ver:\"1.1.1-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:12", "references": ["2011:1100-01", "https://www.redhat.com/archives/rhsa-announce/2011-July/msg00032.html"], "pluginID": "870699", "description": "Check for the Version of icedtea-web", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RedHat Update for icedtea-web RHSA-2011:1100-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2018-01-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870699", "id": "OPENVAS:870699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2011:1100-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n A flaw was discovered in the JNLP (Java Network Launching Protocol)\n implementation in IcedTea-Web. An unsigned Java Web Start application\n could use this flaw to manipulate the content of a Security Warning\n dialog box, to trick a user into granting the application unintended access\n permissions to local files. (CVE-2011-2514)\n\n An information disclosure flaw was discovered in the JNLP implementation in\n IcedTea-Web. An unsigned Java Web Start application or Java applet could\n use this flaw to determine the path to the cache directory used to store\n downloaded Java class and archive files, and therefore determine the user's\n login name. (CVE-2011-2513)\n\n All icedtea-web users should upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(870699);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:50:25 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1100-01\");\n script_name(\"RedHat Update for icedtea-web RHSA-2011:1100-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00032.html\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~2.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.0.4~2.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:23", "references": ["http://linux.oracle.com/errata/ELSA-2011-1100.html"], "pluginID": "1361412562310122126", "description": "Oracle Linux Local Security Checks ELSA-2011-1100", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-1100", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310122126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122126", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2011-1100.nasl 6556 2017-07-06 11:54:54Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122126\");\nscript_version(\"$Revision: 6556 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:13:30 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:54:54 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2011-1100\");\nscript_tag(name: \"insight\", value: \"ELSA-2011-1100 - icedtea-web security update - [1.0.4-2]- Added patch to make plugin table size mismatch a warning instead of error[1.0.4-1]- Bump to 1.0.4- Resolves rhbz#718180\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2011-1100\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2011-1100.html\");\nscript_cve_id(\"CVE-2011-2513\",\"CVE-2011-2514\");\nscript_tag(name:\"cvss_base\", value:\"6.8\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~2.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.0.4~2.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:06", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html", "2011-9541"], "pluginID": "1361412562310863375", "description": "Check for the Version of icedtea-web", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-07-27T00:00:00", "title": "Fedora Update for icedtea-web FEDORA-2011-9541", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863375", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2011-9541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 15\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863375\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9541\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2011-9541\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:26:52", "references": ["1178-1", "http://www.ubuntu.com/usn/usn-1178-1/"], "pluginID": "840712", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1178-1", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-02T00:00:00", "title": "Ubuntu Update for icedtea-web USN-1178-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840712", "id": "OPENVAS:840712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1178_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for icedtea-web USN-1178-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Omair Majid discovered that an unsigned Web Start application\n or applet could determine the path to the cache directory used\n to store downloaded class and jar files by querying class loader\n properties. This could allow a remote attacker to discover a user's\n name and home directory path. (CVE-2011-2513)\n\n Omair Majid discovered that an unsigned Web Start application could\n manipulate the content of the security warning dialog message to show\n different file names in prompts. This could allow a remote attacker\n to confuse a user into granting access to a different file than they\n believe they are granting access to. This issue only affected Ubuntu\n 11.04. (CVE-2011-2514)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1178-1\";\ntag_affected = \"icedtea-web on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1178-1/\");\n script_id(840712);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1178-1\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_name(\"Ubuntu Update for icedtea-web USN-1178-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.9-0ubuntu1~10.10.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.9-0ubuntu1~10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.1.1-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-plugin\", ver:\"1.1.1-0ubuntu1~11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:51", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html", "2011-9541"], "pluginID": "863375", "description": "Check for the Version of icedtea-web", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-07-27T00:00:00", "title": "Fedora Update for icedtea-web FEDORA-2011-9541", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863375", "id": "OPENVAS:863375", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2011-9541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 15\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html\");\n script_id(863375);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9541\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2011-9541\");\n\n script_summary(\"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:26", "references": ["2011:1100-01", "https://www.redhat.com/archives/rhsa-announce/2011-July/msg00032.html"], "pluginID": "1361412562310870699", "description": "Check for the Version of icedtea-web", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-06T00:00:00", "title": "RedHat Update for icedtea-web RHSA-2011:1100-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2011:1100-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n A flaw was discovered in the JNLP (Java Network Launching Protocol)\n implementation in IcedTea-Web. An unsigned Java Web Start application\n could use this flaw to manipulate the content of a Security Warning\n dialog box, to trick a user into granting the application unintended access\n permissions to local files. (CVE-2011-2514)\n\n An information disclosure flaw was discovered in the JNLP implementation in\n IcedTea-Web. An unsigned Java Web Start application or Java applet could\n use this flaw to determine the path to the cache directory used to store\n downloaded Java class and archive files, and therefore determine the user's\n login name. (CVE-2011-2513)\n\n All icedtea-web users should upgrade to these updated packages, which\n contain backported patches to correct these issues.\";\n\ntag_affected = \"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.870699\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:50:25 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1100-01\");\n script_name(\"RedHat Update for icedtea-web RHSA-2011:1100-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00032.html\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.0.4~2.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.0.4~2.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:49", "references": ["2011-9523", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063264.html"], "pluginID": "863397", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0865", "CVE-2011-0868", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2010-4469", "CVE-2010-4450", "CVE-2011-2513", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0870", "CVE-2011-0815", "CVE-2011-0867", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-0864", "CVE-2011-0706", "CVE-2011-0862", "CVE-2011-0871", "CVE-2011-0872"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863397", "id": "OPENVAS:863397", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 14\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063264.html\");\n script_id(863397);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9523\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-0872\", \"CVE-2011-0865\", \"CVE-2011-0815\",\n \"CVE-2011-0822\", \"CVE-2011-0862\", \"CVE-2011-0867\", \"CVE-2011-0869\",\n \"CVE-2011-0870\", \"CVE-2011-0868\", \"CVE-2011-0871\", \"CVE-2011-0864\",\n \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~54.1.9.9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:52", "references": ["2011-9523", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063264.html"], "pluginID": "1361412562310863397", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0865", "CVE-2011-0868", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2010-4469", "CVE-2010-4450", "CVE-2011-2513", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0870", "CVE-2011-0815", "CVE-2011-0867", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-0864", "CVE-2011-0706", "CVE-2011-0862", "CVE-2011-0871", "CVE-2011-0872"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863397", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 14\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063264.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863397\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9523\");\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-0872\", \"CVE-2011-0865\", \"CVE-2011-0815\",\n \"CVE-2011-0822\", \"CVE-2011-0862\", \"CVE-2011-0867\", \"CVE-2011-0869\",\n \"CVE-2011-0870\", \"CVE-2011-0868\", \"CVE-2011-0871\", \"CVE-2011-0864\",\n \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~54.1.9.9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:35", "references": ["2011-14638", "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068450.html"], "pluginID": "1361412562310863588", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-10-21T00:00:00", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0865", "CVE-2011-3557", "CVE-2011-3551", "CVE-2011-0868", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2011-3548", "CVE-2011-3547", "CVE-2010-4469", "CVE-2011-3521", "CVE-2011-3389", "CVE-2010-4450", "CVE-2011-3544", "CVE-2011-2513", "CVE-2011-3558", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0870", "CVE-2011-0815", "CVE-2011-3554", "CVE-2011-0867", "CVE-2011-0025", "CVE-2011-3556", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2011-0864", "CVE-2011-3552", "CVE-2011-0706", "CVE-2011-0862", "CVE-2011-0871", "CVE-2011-0872"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863588", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 14\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068450.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863588\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-14638\");\n script_cve_id(\"CVE-2011-3547\", \"CVE-2011-3548\", \"CVE-2011-3551\", \"CVE-2011-3552\",\n \"CVE-2011-3544\", \"CVE-2011-3521\", \"CVE-2011-3554\", \"CVE-2011-3389\",\n \"CVE-2011-3558\", \"CVE-2011-3556\", \"CVE-2011-3557\", \"CVE-2011-3560\",\n \"CVE-2011-2513\", \"CVE-2011-0872\", \"CVE-2011-0865\", \"CVE-2011-0815\",\n \"CVE-2011-0822\", \"CVE-2011-0862\", \"CVE-2011-0867\", \"CVE-2011-0869\",\n \"CVE-2011-0870\", \"CVE-2011-0868\", \"CVE-2011-0871\", \"CVE-2011-0864\",\n \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~55.1.9.10.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "i686", "packageFilename": "icedtea-web-javadoc-1.0.4-2.el6_1.i686.rpm", "packageName": "icedtea-web-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "src", "packageFilename": "icedtea-web-1.0.4-2.el6_1.src.rpm", "packageName": "icedtea-web", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "src", "packageFilename": "icedtea-web-1.0.4-2.el6_1.src.rpm", "packageName": "icedtea-web", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "x86_64", "packageFilename": "icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm", "packageName": "icedtea-web-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "i686", "packageFilename": "icedtea-web-1.0.4-2.el6_1.i686.rpm", "packageName": "icedtea-web", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "x86_64", "packageFilename": "icedtea-web-1.0.4-2.el6_1.x86_64.rpm", "packageName": "icedtea-web", "operator": "lt"}], "description": "[1.0.4-2]\n- Added patch to make plugin table size mismatch a warning instead of error\n[1.0.4-1]\n- Bump to 1.0.4\n- Resolves rhbz#718180", "edition": 3, "reporter": "Oracle", "published": "2011-07-27T00:00:00", "title": "icedtea-web security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2011-07-27T00:00:00", "id": "ELSA-2011-1100", "href": "http://linux.oracle.com/errata/ELSA-2011-1100.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:43:04", "references": ["http://www.nessus.org/u?a75c64de"], "pluginID": "61098", "description": "The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2014-05-15T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110727_ICEDTEA_WEB_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61098);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/05/15 12:33:13 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol)\nimplementation in IcedTea-Web. An unsigned Java Web Start application\ncould use this flaw to manipulate the content of a Security Warning\ndialog box, to trick a user into granting the application unintended\naccess permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP\nimplementation in IcedTea-Web. An unsigned Java Web Start application\nor Java applet could use this flaw to determine the path to the cache\ndirectory used to store downloaded Java class and archive files, and\ntherefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2438\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a75c64de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web and / or icedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-1.0.4-2.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-javadoc-1.0.4-2.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:05", "references": [], "pluginID": "55718", "description": "Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties.\nThis could allow a remote attacker to discover a user's name and home directory path. (CVE-2011-2513)\n\nOmair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. (CVE-2011-2514).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2011-07-28T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1178-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2016-05-26T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-netx", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:icedtea-plugin"], "id": "UBUNTU_USN-1178-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55718", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1178-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55718);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/05/26 16:14:08 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_bugtraq_id(48829);\n script_xref(name:\"USN\", value:\"1178-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1178-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Omair Majid discovered that an unsigned Web Start application or\napplet could determine the path to the cache directory used to store\ndownloaded class and jar files by querying class loader properties.\nThis could allow a remote attacker to discover a user's name and home\ndirectory path. (CVE-2011-2513)\n\nOmair Majid discovered that an unsigned Web Start application could\nmanipulate the content of the security warning dialog message to show\ndifferent file names in prompts. This could allow a remote attacker to\nconfuse a user into granting access to a different file than they\nbelieve they are granting access to. This issue only affected Ubuntu\n11.04. (CVE-2011-2514).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-netx, icedtea-plugin and / or\nicedtea6-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-netx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.9-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.9-0ubuntu1~10.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-netx\", pkgver:\"1.1.1-0ubuntu1~11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-plugin\", pkgver:\"1.1.1-0ubuntu1~11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-netx / icedtea-plugin / icedtea6-plugin\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:03", "references": ["https://www.redhat.com/security/data/cve/CVE-2011-2514.html", "http://rhn.redhat.com/errata/RHSA-2011-1100.html", "https://www.redhat.com/security/data/cve/CVE-2011-2513.html"], "pluginID": "55710", "description": "Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2011-07-28T00:00:00", "title": "RHEL 6 : icedtea-web (RHSA-2011:1100)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2017-01-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo", "cpe:/o:redhat:enterprise_linux:6.1", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc", "p-cpe:/a:redhat:enterprise_linux:icedtea-web"], "id": "REDHAT-RHSA-2011-1100.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1100. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55710);\n script_version (\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2017/01/04 16:02:22 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_bugtraq_id(48829);\n script_xref(name:\"RHSA\", value:\"2011:1100\");\n\n script_name(english:\"RHEL 6 : icedtea-web (RHSA-2011:1100)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol)\nimplementation in IcedTea-Web. An unsigned Java Web Start application\ncould use this flaw to manipulate the content of a Security Warning\ndialog box, to trick a user into granting the application unintended\naccess permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP\nimplementation in IcedTea-Web. An unsigned Java Web Start application\nor Java applet could use this flaw to determine the path to the cache\ndirectory used to store downloaded Java class and archive files, and\ntherefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2513.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2514.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1100.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-web, icedtea-web-debuginfo and / or\nicedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1100\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-1.0.4-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-1.0.4-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-debuginfo-1.0.4-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-debuginfo-1.0.4-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-javadoc-1.0.4-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-javadoc-1.0.4-2.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-javadoc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:00", "references": ["http://www.nessus.org/u?b664113b", "https://bugzilla.redhat.com/show_bug.cgi?id=718164", "https://bugzilla.redhat.com/show_bug.cgi?id=718170"], "pluginID": "55663", "description": "This security fix that addresses the following issues :\n\n - RH718164: Home directory path disclosure to untrusted applications\n\n - RH718170: Java Web Start security warning dialog manipulation\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2011-07-25T00:00:00", "title": "Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9541.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9541.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55663);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:32:17 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_bugtraq_id(48829);\n script_xref(name:\"FEDORA\", value:\"2011-9541\");\n\n script_name(english:\"Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security fix that addresses the following issues :\n\n - RH718164: Home directory path disclosure to untrusted\n applications\n\n - RH718170: Java Web Start security warning dialog\n manipulation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718170\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b664113b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"icedtea-web-1.0.4-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:11:14", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=704309", "http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html"], "pluginID": "75864", "description": "This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information leak allows unsigned Web Start applications to determine the path to the cache directory used to store downloaded class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web Start application could manipulate content of the security warning dialog message to show different file name in prompts.", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:icedtea-web"], "id": "SUSE_11_4_ICEDTEA-WEB-110721.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update icedtea-web-4910.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75864);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 22:10:33 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0829-1)\");\n script_summary(english:\"Check for the icedtea-web-4910 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of icedtea/icedtea-web fixes two issues :\n\n - CVE-2011-2513: CVSS v2 Base Score: 4.3: An information\n leak allows unsigned Web Start applications to determine\n the path to the cache directory used to store downloaded\n class and jar files.\n\n - CVE-2011-2514: CVSS v2 Base Score: 5.1 An unsigned Web\n Start application could manipulate content of the\n security warning dialog message to show different file\n name in prompts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704309\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icedtea-web-1.1-0.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"icedtea-web-javadoc-1.1-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:58", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-July/002247.html"], "pluginID": "68314", "description": "From Red Hat Security Advisory 2011:1100 :\n\nUpdated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 4, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : icedtea-web (ELSA-2011-1100)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "modified": "2016-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:icedtea-web-javadoc", "p-cpe:/a:oracle:linux:icedtea-web"], "id": "ORACLELINUX_ELSA-2011-1100.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68314", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1100 and \n# Oracle Linux Security Advisory ELSA-2011-1100 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68314);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 16:53:48 $\");\n\n script_cve_id(\"CVE-2011-2513\", \"CVE-2011-2514\");\n script_bugtraq_id(48829);\n script_xref(name:\"RHSA\", value:\"2011:1100\");\n\n script_name(english:\"Oracle Linux 6 : icedtea-web (ELSA-2011-1100)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1100 :\n\nUpdated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol)\nimplementation in IcedTea-Web. An unsigned Java Web Start application\ncould use this flaw to manipulate the content of a Security Warning\ndialog box, to trick a user into granting the application unintended\naccess permissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP\nimplementation in IcedTea-Web. An unsigned Java Web Start application\nor Java applet could use this flaw to determine the path to the cache\ndirectory used to store downloaded Java class and archive files, and\ntherefore determine the user's login name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002247.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-1.0.4-2.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-javadoc-1.0.4-2.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:46", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=718164", "http://www.nessus.org/u?f8716084"], "pluginID": "55751", "description": "- PR744: icedtea6-1.10.2 : patching error\n\n - PR748: Icedtea6 fails to build with Linux 3.0.\n\n - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2011-08-02T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14 (2011-9523)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2513"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-9523.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9523.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55751);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-2513\");\n script_bugtraq_id(48829);\n script_xref(name:\"FEDORA\", value:\"2011-9523\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14 (2011-9523)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - PR744: icedtea6-1.10.2 : patching error\n\n - PR748: Icedtea6 fails to build with Linux 3.0.\n\n - RH718164, CVE-2011-2513: Home directory path\n disclosure to untrusted applications\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718164\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063264.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8716084\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-06-12T21:10:45", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "i686", "packageName": "icedtea-web-debuginfo", "packageFilename": "icedtea-web-debuginfo-1.0.4-2.el6_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "src", "packageName": "icedtea-web", "packageFilename": "icedtea-web-1.0.4-2.el6_1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "x86_64", "packageName": "icedtea-web-debuginfo", "packageFilename": "icedtea-web-debuginfo-1.0.4-2.el6_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "i686", "packageName": "icedtea-web-javadoc", "packageFilename": "icedtea-web-javadoc-1.0.4-2.el6_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "x86_64", "packageName": "icedtea-web-javadoc", "packageFilename": "icedtea-web-javadoc-1.0.4-2.el6_1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "i686", "packageName": "icedtea-web", "packageFilename": "icedtea-web-1.0.4-2.el6_1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.4-2.el6_1", "arch": "x86_64", "packageName": "icedtea-web", "packageFilename": "icedtea-web-1.0.4-2.el6_1.x86_64.rpm", "operator": "lt"}], "description": "The IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project. It\nalso contains a configuration tool for managing deployment settings for the\nplug-in and Web Start implementations.\n\nA flaw was discovered in the JNLP (Java Network Launching Protocol)\nimplementation in IcedTea-Web. An unsigned Java Web Start application\ncould use this flaw to manipulate the content of a Security Warning\ndialog box, to trick a user into granting the application unintended access\npermissions to local files. (CVE-2011-2514)\n\nAn information disclosure flaw was discovered in the JNLP implementation in\nIcedTea-Web. An unsigned Java Web Start application or Java applet could\nuse this flaw to determine the path to the cache directory used to store\ndownloaded Java class and archive files, and therefore determine the user's\nlogin name. (CVE-2011-2513)\n\nAll icedtea-web users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2011-07-27T04:00:00", "type": "redhat", "title": "(RHSA-2011:1100) Moderate: icedtea-web security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2513", "CVE-2011-2514"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:19", "id": "RHSA-2011:1100", "href": "https://access.redhat.com/errata/RHSA-2011:1100", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}