{"id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "type": "nessus", "lastseen": "2019-01-16T20:18:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d10ba9462c5e08d98a12fa02f4c0670919c5fe7233e5428aa9e9983d946cd1dd", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "abdfd612d32fd01950b2fbb7f5ca3a8f", "key": "sourceData"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2018-08-10T17:18:21", "modified": "2018-08-09T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-10T17:18:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 1, "enchantments": {}, "hash": "a3b236e27a62e1b74b3dc9effa14786d9b84d6d32d2102fddb27541ee356eb27", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "265e72f1c17332868ae3819fcf0a6c9c", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2016-09-26T17:25:18", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "7f67d906b8be6274441538f199d39941512a0651437e84c7f49bff6e50d365b4", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "265e72f1c17332868ae3819fcf0a6c9c", "key": "sourceData"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2017-10-29T13:40:37", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:40:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "795ff50da4d88c0bfdcb67534a729a85ae047dea3ca5b1e7510de6acbd6107c0", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "4867c03e6d12c34bfe39d32c38729b6e", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "b0c241d67108a1c6bc87626bacc30912", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2018-07-01T14:05:07", "modified": "2018-06-29T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/29 12:01:02\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-07-01T14:05:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "24d8f1ea1009fc7a287d23a1f24188a0ff62f0adfa0fc0f69788f33e544bef0b", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "10cb00c0439f75ceed76e2717436d603", "key": "sourceData"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "cf259fa2d0427cf04a2367914f8479b4", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2018-11-13T16:59:22", "modified": "2018-11-10T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-11-13T16:59:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d10ba9462c5e08d98a12fa02f4c0670919c5fe7233e5428aa9e9983d946cd1dd", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "abdfd612d32fd01950b2fbb7f5ca3a8f", "key": "sourceData"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2018-09-01T23:53:45", "modified": "2018-08-09T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:53:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"], "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "17de63741487a47f6ee000c40be9de4f01eb56e97badccc16ef9f85bfb8aa74c", "hashmap": [{"hash": "ba108aa9477fe558baacf8191d499319", "key": "pluginID"}, {"hash": "cb9cbcdc0fc65205de8abc272a97ef09", "key": "description"}, {"hash": "abdfd612d32fd01950b2fbb7f5ca3a8f", "key": "sourceData"}, {"hash": "f1e9b34374fd3816b0f9c82cf0593e1f", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6b4fa4ea826cc1026155b12f8e45f580", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "a03d359fb0b4e439f50091cee1f89df6", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bed64f708bbb3f59de6308ebe0d6210", "key": "href"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "3f41ecb853fd9b7494ce3fdc2790edf5", "key": "cpe"}, {"hash": "b87e473c8d53390ebb3768cd35381209", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75538", "id": "SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL", "lastseen": "2018-08-30T19:47:56", "modified": "2018-08-09T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75538", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:47:56"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3f41ecb853fd9b7494ce3fdc2790edf5"}, {"key": "cvelist", "hash": "f1e9b34374fd3816b0f9c82cf0593e1f"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "961b02115d57b9f3a01bce7e198b3ca8"}, {"key": "href", "hash": "1bed64f708bbb3f59de6308ebe0d6210"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "ba108aa9477fe558baacf8191d499319"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "cf259fa2d0427cf04a2367914f8479b4"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "10cb00c0439f75ceed76e2717436d603"}, {"key": "title", "hash": "b87e473c8d53390ebb3768cd35381209"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "6e5e0a100fd8beba9fc8ca105b0fbcb5d716fe0f6be4dc028e7304b2b337433f", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75538);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75538", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.3"]}

{"openvas": [{"lastseen": "2017-12-04T11:26:36", "references": ["http://www.ubuntu.com/usn/usn-1079-1/", "1079-1"], "pluginID": "840607", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-03-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840607", "id": "OPENVAS:840607", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n \n Konstantin Prei&#223;er and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n \n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\";\ntag_affected = \"openjdk-6 vulnerabilities on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_id(840607);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:44", "references": ["http://www.ubuntu.com/usn/usn-1079-1/", "1079-1"], "pluginID": "1361412562310840607", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "edition": 5, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-03-07T00:00:00", "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310840607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840607", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840607\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\");\n script_tag(name:\"affected\", value:\"openjdk-6 vulnerabilities on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n\n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n\n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n\n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n\n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n\n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n\n Konstantin Prei&#223;er and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n\n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:44", "references": ["http://linux.oracle.com/errata/ELSA-2011-0281.html"], "pluginID": "1361412562310122240", "description": "Oracle Linux Local Security Checks ELSA-2011-0281", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2011-0281", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0281.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122240\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0281\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0281 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0281\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0281.html\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:21", "references": ["2011:0281", "http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html"], "pluginID": "881416", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "CentOS Update for java CESA-2011:0281 centos5 x86_64", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881416", "id": "OPENVAS:881416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\");\n script_id(881416);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:49:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\",\n \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:02", "references": ["2011:0281", "http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html"], "pluginID": "1361412562310880559", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for java CESA-2011:0281 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880559\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:00", "references": ["2011:0281-01", "https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html"], "pluginID": "870394", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-02-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870394", "id": "OPENVAS:870394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_id(870394);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:23", "references": ["2011:0281", "http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html"], "pluginID": "1361412562310881416", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for java CESA-2011:0281 centos5 x86_64", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881416\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:49:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\",\n \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:18:37", "references": ["2011:0281-01", "https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html"], "pluginID": "1361412562310870394", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-02-18T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870394\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:38", "references": ["2011:0281", "http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html"], "pluginID": "880559", "description": "Check for the Version of java", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for java CESA-2011:0281 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880559", "id": "OPENVAS:880559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the &quot;appletviewer&quot; application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\");\n script_id(880559);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:07:34", "references": ["2011:054", "http://lists.mandriva.com/security-announce/2011-03/msg00013.php"], "pluginID": "1361412562310831354", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-01T00:00:00", "title": "Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831354", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-03/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831354\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:054\");\n script_cve_id(\"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0025\", \"CVE-2011-0706\");\n script_name(\"Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n\n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect integrity via unknown vectors related to Networking. NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier for\n Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;\n and 1.4.2_29 and earlier for Solaris and Linux allows local standalone\n applications to affect confidentiality, integrity, and availability via\n unknown vectors related to Launcher. NOTE: the previous information was\n obtained from the February 2011 CPU. Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450).\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java SE and Java for Business 6 Update 23 and earlier,\n 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote\n untrusted Java Web Start applications and untrusted Java applets to\n affect confidentiality, integrity, and availability via unknown vectors\n related to Swing. NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)\n\n Unspecified vulnerability in the Java Runtime Environment (JRE)\n in Oracle Java ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ava-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-1.5.0.0\", rpm:\"java-1.5.0-gcj-1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-devel\", rpm:\"java-1.5.0-gcj-devel~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-javadoc\", rpm:\"java-1.5.0-gcj-javadoc~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.5.0-gcj-src\", rpm:\"java-1.5.0-gcj-src~1.5.0.0~17.1.7.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~7.b18.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:44", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://usn.ubuntu.com/usn/usn-1079-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b18-1.8.7-0ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-17T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-17T00:00:00", "id": "USN-1079-3", "href": "https://usn.ubuntu.com/1079-3/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:04", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b20-1.9.7-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b20-1.9.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "6b20-1.9.7-0ubuntu1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}], "description": "It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-01T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-01T00:00:00", "id": "USN-1079-1", "href": "https://usn.ubuntu.com/1079-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:32", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0706", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4471", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4470", "https://usn.ubuntu.com/usn/usn-1079-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4469", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-4472"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b18-1.8.7-0ubuntu1~10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "6b18-1.8.7-0ubuntu1~9.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 3, "reporter": "Ubuntu", "published": "2011-03-15T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-03-15T00:00:00", "id": "USN-1079-2", "href": "https://usn.ubuntu.com/1079-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:11:45", "references": ["http://www.nessus.org/u?48fd0267"], "pluginID": "52006", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2011-02-17T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1645.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1645.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52006);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1645\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48fd0267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:48", "references": ["https://usn.ubuntu.com/1079-1/"], "pluginID": "52498", "description": "It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly\nsetup the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2011-03-02T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52498);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly\nsetup the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea6-plugin / openjdk-6-dbg / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:12:05", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=671714", "https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"], "pluginID": "53735", "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)", "edition": 8, "reporter": "Tenable", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src"], "id": "SUSE_11_2_JAVA-1_6_0-OPENJDK-110228.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53735", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53735);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:45", "references": ["http://www.nessus.org/u?9a673f3e"], "pluginID": "52005", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2011-02-17T00:00:00", "title": "Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1631.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1631.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52005);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1631\");\n\n script_name(english:\"Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a673f3e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:48", "references": ["https://usn.ubuntu.com/1079-3/"], "pluginID": "65100", "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2013-03-09T00:00:00", "title": "Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65100);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-3\");\n\n script_name(english:\"Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:48", "references": ["https://usn.ubuntu.com/1079-2/"], "pluginID": "65099", "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2013-03-09T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65099);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-2\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:46", "references": ["https://access.redhat.com/security/cve/cve-2010-4448", "https://access.redhat.com/security/cve/cve-2010-4470", "https://access.redhat.com/security/cve/cve-2010-4450", "https://access.redhat.com/security/cve/cve-2010-4465", "https://access.redhat.com/security/cve/cve-2010-4472", "https://access.redhat.com/security/cve/cve-2010-4469", "https://access.redhat.com/errata/RHSA-2011:0281"], "pluginID": "52020", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 10, "reporter": "Tenable", "published": "2011-02-18T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0281. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52020);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/26 11:02:14\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0281\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0281\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:41", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-February/001890.html", "https://oss.oracle.com/pipermail/el-errata/2011-February/001891.html"], "pluginID": "68205", "description": "From Red Hat Security Advisory 2011:0281 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0281 and \n# Oracle Linux Security Advisory ELSA-2011-0281 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68205);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/09 13:09:35\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0281 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001891.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:24", "references": ["http://www.nessus.org/u?e3b14f6e", "https://bugzilla.redhat.com/show_bug.cgi?id=676019"], "pluginID": "60963", "description": "A flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.", "edition": 8, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110217_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60963);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676019\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=1369\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3b14f6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:11:59", "references": ["http://www.nessus.org/u?2ed2b1b4", "http://www.nessus.org/u?1285f749"], "pluginID": "53421", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2011-04-15T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53421", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0281 and \n# CentOS Errata and Security Advisory 2011:0281 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53421);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ed2b1b4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1285f749\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.0.1.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.0.1.el5", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.0.1.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.39.b17.el6_0", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}], "description": "[1.6.0.0-1.39.b17]\n- respin of IcedTea6 1.7.10\n- Resolves: rhbz#676276\n[1.6.0.0-1.37.b17]\n- Updated to IcedTea6 1.7.10\n- Resolves: rhbz#676276", "edition": 3, "reporter": "Oracle", "published": "2011-02-17T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2011-02-17T00:00:00", "id": "ELSA-2011-0281", "href": "http://linux.oracle.com/errata/ELSA-2011-0281.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:51", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-02-17T05:00:00", "type": "redhat", "title": "(RHSA-2011:0281) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4472"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:25", "id": "RHSA-2011:0281", "href": "https://access.redhat.com/errata/RHSA-2011:0281", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:18", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.24-1jpp.1.el6", "arch": "x86_64", "packageName": "java-1.6.0-sun-jdbc", "packageFilename": "java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.x86_64.rpm", "operator": "lt"}], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the References\nsection. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,\nCVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,\nCVE-2010-4476)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of Sun Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-02-17T05:00:00", "type": "redhat", "title": "(RHSA-2011:0282) Critical: java-1.6.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:34", "id": "RHSA-2011:0282", "href": "https://access.redhat.com/errata/RHSA-2011:0282", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.12.4-1jpp.1.el5", "arch": "i386", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.12.4-1jpp.1.el5.i386.rpm", "operator": "lt"}], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466,\nCVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-03-17T04:00:00", "type": "redhat", "title": "(RHSA-2011:0364) Critical: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:30", "id": "RHSA-2011:0364", "href": "https://access.redhat.com/errata/RHSA-2011:0364", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.9.sap-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.4.2-ibm-sap", "packageFilename": "java-1.4.2-ibm-sap-1.4.2.13.9.sap-1jpp.1.el5.x86_64.rpm", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473,\nCVE-2010-4475, CVE-2011-0311)\n\nAll users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for\nSAP are advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-06-15T04:00:00", "type": "redhat", "title": "(RHSA-2011:0870) Moderate: java-1.4.2-ibm-sap security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4473", "CVE-2010-4475", "CVE-2011-0311"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-09T14:15:18", "id": "RHSA-2011:0870", "href": "https://access.redhat.com/errata/RHSA-2011:0870", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:48", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.4.2.13.9-1jpp.1.el5", "arch": "i386", "packageName": "java-1.4.2-ibm", "packageFilename": "java-1.4.2-ibm-1.4.2.13.9-1jpp.1.el5.i386.rpm", "operator": "lt"}], "description": "The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473,\nCVE-2010-4475, CVE-2011-0311)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP9 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2011-05-05T04:00:00", "type": "redhat", "title": "(RHSA-2011:0490) Critical: java-1.4.2-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4473", "CVE-2010-4475", "CVE-2011-0311"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:22", "id": "RHSA-2011:0490", "href": "https://access.redhat.com/errata/RHSA-2011:0490", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm", "operator": "lt"}], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4422, CVE-2010-4447,\nCVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471,\nCVE-2010-4473, CVE-2010-4475)\n\nNote: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were\nmissing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. This\nerratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4\nExtras as expected.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP1 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-03-16T04:00:00", "type": "redhat", "title": "(RHSA-2011:0357) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:29", "id": "RHSA-2011:0357", "href": "https://access.redhat.com/errata/RHSA-2011:0357", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:49", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.9.1-1jpp.1.el5", "arch": "i386", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite 5.4.1. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details.\n", "reporter": "RedHat", "published": "2011-06-16T04:00:00", "type": "redhat", "title": "(RHSA-2011:0880) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2010-1321", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3555", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3558", "CVE-2010-3560", "CVE-2010-3562", "CVE-2010-3563", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-04T18:36:46", "id": "RHSA-2011:0880", "href": "https://access.redhat.com/errata/RHSA-2011:0880", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:36", "references": ["https://rhn.redhat.com/errata/RHSA-2011-0281.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.20.b17.el5", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2011:0281\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0281.html", "edition": 1, "reporter": "CentOS Project", "published": "2011-04-14T10:33:37", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2011-04-14T10:33:37", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html", "id": "CESA-2011:0281", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-12-22T12:41:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65405", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.securityfocus.com/bid/46399", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.", "edition": 4, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4471", "type": "cve", "enchantments": {"score": {"modified": "2017-12-22T12:41:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12089", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12089"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4471"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14417", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14417"}], "modified": "2017-12-21T21:29:02", "cpe": ["cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4471", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-01T05:12:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=133728004526190&w=2", "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves \"DNS cache poisoning by untrusted applets.\"", "edition": 4, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4448", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:12:50", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12906", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12906"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4448"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12906", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12906"}], "modified": "2018-10-30T12:26:21", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4448", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:12:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=133728004526190&w=2", "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or \"clipboard access in Applets.\"", "edition": 4, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4465", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:12:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12925", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12925"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4465"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12925", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12925"}], "modified": "2018-10-30T12:26:21", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4465", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:12:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.securityfocus.com/bid/46400", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65399", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=133728004526190&w=2", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and \"backward jsrs.\"", "edition": 5, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4469", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:12:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12833", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12833"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4469"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:13639", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:13639"}], "modified": "2018-10-30T12:26:21", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4469", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:12:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://www.securityfocus.com/bid/46397", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65406", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.", "edition": 5, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4450", "type": "cve", "enchantments": {"score": {"modified": "2018-11-01T05:12:50", "vector": "NONE", "value": 2.1}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12420", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12420"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4450"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14135", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14135"}], "modified": "2018-10-30T12:26:21", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:sdk:1.4.2_15", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4450", "cvss": {"score": 3.7, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-22T12:41:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.securityfocus.com/bid/46404", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65411", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\"", "edition": 4, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4472", "type": "cve", "enchantments": {"score": {"modified": "2017-12-22T12:41:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12903", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12903"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4472"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12903", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12903"}], "modified": "2017-12-21T21:29:02", "cpe": ["cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4472", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:37:22", "references": ["http://www.debian.org/security/2011/dsa-2224", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.securityfocus.com/bid/46439", "https://bugzilla.redhat.com/show_bug.cgi?id=677332", "http://security.gentoo.org/glsa/glsa-201406-32.xml"], "description": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"", "edition": 3, "reporter": "NVD", "published": "2011-02-18T20:00:03", "title": "CVE-2011-0706", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:22", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14117", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-0706"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14117", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14117"}], "modified": "2017-09-18T21:32:11", "cpe": ["cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:redhat:icedtea-web:1.0.1:pre", "cpe:/a:redhat:icedtea-web:1.0:pre", "cpe:/a:sun:jdk:1.6.0"], "id": "CVE-2011-0706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0706", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-22T12:41:50", "references": ["http://www.debian.org/security/2011/dsa-2224", "http://www.redhat.com/support/errata/RHSA-2011-0281.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/65404", "http://www.redhat.com/support/errata/RHSA-2011-0282.html", "http://marc.info/?l=bugtraq&m=134254957702612&w=2", "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054", "http://www.securityfocus.com/bid/46387", "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"], "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to \"Features set on SchemaFactory not inherited by Validator.\"", "edition": 4, "reporter": "NVD", "published": "2011-02-17T14:00:01", "title": "CVE-2010-4470", "type": "cve", "enchantments": {"score": {"modified": "2017-12-22T12:41:50", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:12887", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12887"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-4470"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:14076", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14076"}], "modified": "2017-12-21T21:29:02", "cpe": ["cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.6.0:update_22", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:sun:jdk:1.6.0:update_7"], "id": "CVE-2010-4470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4470", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:06", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-dbg_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-zero_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-demo_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jdk_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre-headless_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-lib_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-doc_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "icedtea-6-jre-cacao_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-source_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "icedtea6-plugin_6b18-1.8.7-2~lenny1_all.deb", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-doc_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-jdk_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-jdk", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-jre-headless_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-dbg_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-source_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-source", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "openjdk-6-demo_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "openjdk-6-demo", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6b18-1.8.7-2~squeeze1", "arch": "all", "packageFilename": "icedtea6-plugin_6b18-1.8.7-2~squeeze1_all.deb", "packageName": "icedtea6-plugin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "6b18-1.8.7-2~lenny1", "arch": "all", "packageFilename": "openjdk-6-jre-lib_6b18-1.8.7-2~lenny1_all.deb", "packageName": "openjdk-6-jre-lib", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2224-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 20, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 \n CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472\n CVE-2011-0025 CVE-2011-0706\n\nSeveral security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\n The JNLP SecurityManager returns from the checkPermission method\n instead of throwing an exception in certain circumstances, which\n might allow context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.\n\nCVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\n An empty (but set) LD_LIBRARY_PATH environment variable results in\n a misconstructed library search path, resulting in code execution\n from possibly untrusted sources.\n\nCVE-2010-4465\n Malicious applets can extend their privileges by abusing Swing\n timers.\n\nCVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted byte\n sequences, resulting in heap corruption.\n\nCVE-2010-4470\n JAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\n Java2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\nCVE-2011-0025\n Signatures on JAR files are not properly verified, which allows\n remote attackers to trick users into executing code that appears\n to come from a trusted source.\n\nCVE-2011-0706\n The JNLPClassLoader class allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of &quot;an inappropriate security descriptor\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2011-04-20T20:20:06", "title": "[SECURITY] [DSA 2224-1] openjdk-6 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:06", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "modified": "2011-04-20T20:20:06", "id": "DEBIAN:DSA-2224-1:ECD2A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00093.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:41:42", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-src", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-demo-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-devel-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-alsa-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-alsa", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.1", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-src-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-src", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.2", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-plugin-1.6.0.u24-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-sun-plugin", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.3", "packageVersion": "1.6.0.u24-0.2.1", "packageFilename": "java-1_6_0-sun-jdbc-1.6.0.u24-0.2.1.i586.rpm", "packageName": "java-1_6_0-sun-jdbc", "arch": "i586", "operator": "lt"}], "description": "Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-02-22T14:41:11", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "remote code execution in java-1_6_0-sun", "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-02-22T14:41:11", "id": "SUSE-SA:2011:010", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:47", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ppc64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ppc64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "s390x", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.5.0_sr12.3-0.11", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr12.3-0.11.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-64bit-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-64bit", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.8-0.15", "arch": "i586", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.8-0.15.i586.rpm", "packageName": "IBMJava2-SDK", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr12.3-0.7.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.5.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.8-0.7", "arch": "i586", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.8-0.7.i586.rpm", "packageName": "IBMJava2-JRE", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "ia64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr12.3-0.7.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.ppc.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "ppc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.8-1.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.8-1.7.1", "arch": "i586", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.8-1.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr9.1-1.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.5.0_sr12.3-0.7.1", "arch": "ppc", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr12.3-0.7.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.8-1.5.1", "arch": "x86_64", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.8-1.5.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.6.0_sr9.1-1.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 6 was updated to SR9 FP1 was updated to fix a critical security bug in float number handling and also contains other security bugfixes.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-03-22T13:32:34", "title": "remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3553", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4422", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-3571", "CVE-2010-4476", "CVE-2010-4471", "CVE-2010-1321", "CVE-2010-4447", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-03-22T13:32:34", "id": "SUSE-SA:2011:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-03/msg00003.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:14:44", "references": ["http://download.novell.com/patch/finder/?keywords=70735f0d14f1f30c4417ee92ce6af04f", "https://bugzilla.novell.com/704326"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap", "packageFilename": "java-1_4_2-ibm-sap-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap-devel", "packageFilename": "java-1_4_2-ibm-sap-devel-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise for SAP Applications", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap-devel", "packageFilename": "java-1_4_2-ibm-sap-devel-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise for SAP Applications", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.3.1", "packageName": "java-1_4_2-ibm-sap", "packageFilename": "java-1_4_2-ibm-sap-1.4.2_sr13.9-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.4.2 SR13 for SAP fixes various bugs and the\n following security issues:\n\n * CVE-2010-4447\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447</a>\n &gt;\n * CVE-2010-4448\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448</a>\n &gt;\n * CVE-2010-4454\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454</a>\n &gt;\n * CVE-2010-4462\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462</a>\n &gt;\n * CVE-2010-4465\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465</a>\n &gt;\n * CVE-2010-4466\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466</a>\n &gt;\n * CVE-2010-4473\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473</a>\n &gt;\n * CVE-2010-4475\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475</a>\n &gt;\n * CVE-2010-4476\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476</a>\n &gt;\n * CVE-2011-0311\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311</a>\n &gt;\n\n", "edition": 1, "reporter": "Suse", "published": "2011-07-22T05:08:11", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for IBM Java 1.4.2 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4447", "CVE-2010-4466", "CVE-2011-0311"], "modified": "2011-07-22T05:08:11", "id": "SUSE-SU-2011:0823-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-JRE", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.ppc64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.ppc64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "Novell Linux Point of Service", "OSVersion": "9", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-SDK", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-SDK", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.s390x.rpm", "packageName": "java-1_4_2-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.i586.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "Novell Open Enterprise Server (OES)", "OSVersion": "any", "packageVersion": "1.4.2_sr13.9-0.6", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.9-0.6.i586.rpm", "packageName": "IBMJava2-JRE", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.s390x.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.x86_64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.9-0.7.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.7.1.ppc.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.9-0.4.1.ia64.rpm", "packageName": "java-1_4_2-ibm-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.9-0.4.1", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.9-0.4.1.i586.rpm", "packageName": "java-1_4_2-ibm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.4.2 was updated to SR 13 Fix Pack 9, fixing bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2011-05-13T13:10:27", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote code execution in java-1_4_2-ibm", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4473", "CVE-2010-4476", "CVE-2010-4447", "CVE-2010-4466", "CVE-2011-0311"], "modified": "2011-05-13T13:10:27", "id": "SUSE-SA:2011:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25750", "https://vulners.com/securityvulns/securityvulns:doc:25747", "https://vulners.com/securityvulns/securityvulns:doc:25746", "https://vulners.com/securityvulns/securityvulns:doc:25748", "https://vulners.com/securityvulns/securityvulns:doc:25749"], "description": "Over 20 of different vulnerabilities.", "edition": 1, "reporter": "ORACLE", "published": "2011-02-17T00:00:00", "title": "Oracle Java multiple security vulnerabilities / OpenJDK", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Jre", "version": "6.0", "operator": "eq"}, {"name": "JDK", "version": "5.0", "operator": "eq"}, {"name": "JDK", "version": "6.0", "operator": "eq"}, {"name": "OpenJDK", "version": "6", "operator": "eq"}], "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2011-0706", "CVE-2010-4467", "CVE-2010-4466"], "modified": "2011-02-17T00:00:00", "id": "SECURITYVULNS:VULN:11443", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11443", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:39", "references": [], "description": "ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-083\r\n\r\nFebruary 15, 2011\r\n\r\n-- CVE ID:\r\nCVE-2010-4465\r\n\r\n-- CVSS:\r\n10, &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41;\r\n\r\n-- Affected Vendors:\r\nOracle\r\n\r\n-- Affected Products:\r\nOracle Java Runtime\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 10851. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Oracle Java Runtime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page.\r\n\r\nThe specific flaw is due to insufficient defenses against system\r\nclipboard hijacking. When in focus, a handle to the system clipboard can\r\nbe retrieved without user interaction by a malicious component. The\r\nclipboard can then be arbitrarily read from or written to. By writing a\r\nTransferableProxy object to the system clipboard and then forcing a\r\npaste action, arbitrary code can be executed under the context of the\r\nuser invoking the JRE.\r\n\r\n-- Vendor Response:\r\nOracle has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html\r\n\r\n-- Disclosure Timeline:\r\n2010-01-26 - Vulnerability reported to vendor\r\n2011-02-15 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Sami Koivu\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "edition": 1, "reporter": "Securityvulns", "published": "2011-02-17T00:00:00", "title": "ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:39", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-4465"], "modified": "2011-02-17T00:00:00", "id": "SECURITYVULNS:DOC:25749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25749", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "references": [], "description": "Hey,\r\n\r\nToday we are releasing a very interesting whitepaper which describes a DNS\r\npoisoning attack against stub resolvers.\r\n\r\nIt discloses two vulnerabilities:\r\n\r\n1. A vulnerability in Java &#40;CVE-2011-3552, CVE-2010-4448&#41; which enables remote\r\n DNS poisoning using Java applets. This vulnerability can be triggered when\r\n opening a malicious webpage. A successful exploitation of this vulnerability\r\n may lead to disclosure and manipulation of cookies and web pages, disclosure\r\n of NTLM credentials and clipboard data of the logged-on user, and even\r\n firewall bypass.\r\n\r\n2. A vulnerability in multiuser Windows environments which enables local DNS\r\n cache poisoning of arbitrary domains. This vulnerability can be triggered\r\n by a normal user &#40;i.e. one with non-administrative rights&#41; in order to\r\n attack other users of the system. A successful exploitation of this\r\n vulnerability may lead to information disclosure, privilege escalation,\r\n universal XSS and more.\r\n\r\n Whitepaper: http://bit.ly/q31wSq\r\n A blog post with video demos: http://bit.ly/qu4Ez7\r\n\r\n\r\nRoee Hay &lt;roeeh@il.ibm.com&gt;, IBM Rational Application Security Research Group\r\nYair Amit &lt;yairam@gmail.com&gt;\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2011-10-24T00:00:00", "title": "DNS Poisoning via Port Exhaustion", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:42", "vector": "NONE", "value": 2.1}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-4448", "CVE-2011-3552"], "modified": "2011-10-24T00:00:00", "id": "SECURITYVULNS:DOC:27184", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27184", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:56:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "CVE ID\uff1aCVE-2010-4465\r\n\r\nOracle Java Runtime Environment\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\u7531\u4e8e\u4e0d\u5145\u5206\u9632\u5fa1\u7cfb\u7edf\u526a\u8d34\u677f\u52ab\u6301\u653b\u51fb\u3002\u5f53in focus\u65f6\uff0c\u6076\u610f\u7ec4\u4ef6\u53ef\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u83b7\u53d6\u7cfb\u7edf\u526a\u8d34\u677f\u7684\u53e5\u67c4\u3002\u7136\u540e\u53ef\u4ece\u526a\u8d34\u677f\u4e2d\u8bfb\u53d6\u6570\u636e\u6216\u5199\u5165\u3002\u901a\u8fc7\u628aTransferableProxy\u5bf9\u8c61\u5199\u5165\u5230\u7cfb\u7edf\u526a\u8d34\u677f\uff0c\u5e76\u5f3a\u5236\u7c98\u8d34\u64cd\u4f5c\uff0c\u53ef\u8c03\u7528JRE\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\n\nOracle Java Runtime\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "reporter": "Root", "published": "2011-12-01T00:00:00", "type": "seebug", "title": "Oracle Java Applet\u526a\u8d34\u677f\u6ce8\u5165\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4465"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2011-12-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24277", "id": "SSV:24277", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}], "zdi": [{"lastseen": "2016-11-09T00:17:58", "references": ["http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.\n\nThe specific flaw is due to insufficient defenses against system clipboard hijacking. When in focus, a handle to the system clipboard can be retrieved without user interaction by a malicious component. The clipboard can then be arbitrarily read from or written to. By writing a TransferableProxy object to the system clipboard and then forcing a paste action, arbitrary code can be executed under the context of the user invoking the JRE.", "reporter": "Sami Koivu", "published": "2011-02-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2010-4465"], "modified": "2011-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-083", "id": "ZDI-11-083", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:33", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110206-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201111201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110214-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201110204-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "3.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201110201-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX400-201203406-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}], "description": "a. ESX third party update for Service Console openssl RPM \nThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2011-10-27T00:00:00", "title": "VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2010-2054", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2011-0802", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4180", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2011-0002", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-3541", "CVE-2011-0873", "CVE-2010-3571", "CVE-2010-3173", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2008-7270", "CVE-2011-0815", "CVE-2010-1321", "CVE-2010-3556", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3554", "CVE-2010-3170", "CVE-2010-4470", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814"], "modified": "2012-03-29T00:00:00", "id": "VMSA-2011-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2011-0013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558", "https://bugs.gentoo.org/show_bug.cgi?id=387851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551", "https://bugs.gentoo.org/show_bug.cgi?id=354213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553", "https://bugs.gentoo.org/show_bug.cgi?id=340421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476", "https://bugs.gentoo.org/show_bug.cgi?id=370559", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jdk", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jre-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.29", "packageFilename": "UNKNOWN", "packageName": "app-emulation/emul-linux-x86-java", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.29\"\n \n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.29\"\n \n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.6.0.29\"\n \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2011-11-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2011-3557", "CVE-2010-4468", "CVE-2010-3557", "CVE-2011-3551", "CVE-2010-3563", "CVE-2011-3549", "CVE-2010-3551", "CVE-2011-0802", "CVE-2011-0868", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2011-3561", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0869", "CVE-2010-3565", "CVE-2011-0863", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2011-3548", "CVE-2010-4422", "CVE-2011-3547", "CVE-2010-4469", "CVE-2011-3521", "CVE-2011-3389", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2011-3544", "CVE-2011-3553", "CVE-2010-4473", "CVE-2010-4474", "CVE-2011-3516", "CVE-2010-3541", "CVE-2011-3558", "CVE-2011-0873", "CVE-2010-3571", "CVE-2011-3555", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2011-0815", "CVE-2011-3546", "CVE-2010-3556", "CVE-2011-3554", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2011-3556", "CVE-2010-3554", "CVE-2010-4470", "CVE-2011-3560", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2011-3545", "CVE-2011-3552", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2011-3550", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814", "CVE-2011-0872"], "modified": "2011-11-05T00:00:00", "id": "GLSA-201111-02", "href": "https://security.gentoo.org/glsa/201111-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:20", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450", "https://bugs.gentoo.org/show_bug.cgi?id=330205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548", "https://bugs.gentoo.org/show_bug.cgi?id=457206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868", "https://bugs.gentoo.org/show_bug.cgi?id=477210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778", "https://bugs.gentoo.org/show_bug.cgi?id=353418", "https://bugs.gentoo.org/show_bug.cgi?id=461714", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431", "https://bugs.gentoo.org/show_bug.cgi?id=312297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "https://bugs.gentoo.org/show_bug.cgi?id=421031", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423", "https://bugs.gentoo.org/show_bug.cgi?id=387637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864", "https://bugs.gentoo.org/show_bug.cgi?id=354231", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470", "https://bugs.gentoo.org/show_bug.cgi?id=404095", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802", "https://bugs.gentoo.org/show_bug.cgi?id=438750", "https://bugs.gentoo.org/show_bug.cgi?id=429522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563", "https://bugs.gentoo.org/show_bug.cgi?id=442478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569", "https://bugs.gentoo.org/show_bug.cgi?id=370787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521", "https://bugs.gentoo.org/show_bug.cgi?id=489570", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089", "https://bugs.gentoo.org/show_bug.cgi?id=458410", "https://bugs.gentoo.org/show_bug.cgi?id=352035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459", "https://bugs.gentoo.org/show_bug.cgi?id=466822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456", "https://bugs.gentoo.org/show_bug.cgi?id=355127", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552", "https://bugs.gentoo.org/show_bug.cgi?id=433389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420", "https://bugs.gentoo.org/show_bug.cgi?id=346799", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417", "https://bugs.gentoo.org/show_bug.cgi?id=340819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537", "https://bugs.gentoo.org/show_bug.cgi?id=508270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.1.13.3", "packageFilename": "UNKNOWN", "packageName": "dev-java/icedtea-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2016-04-19T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:57", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 73 new security fixes across all product families listed below.\n", "edition": 3, "reporter": "Oracle", "published": "2011-04-19T00:00:00", "title": "cpuapr2011", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle HTTP Server", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.3.5", "operator": "le"}, {"name": "Siebel CRM Core", "version": "8.1.1", "operator": "le"}, {"name": "OpenSSO Enterprise, Sun Java System Access Manager", "version": "7.1", "operator": "le"}, {"name": "Web ADI", "version": "12.1.3", "operator": "le"}, {"name": "Network Foundation", "version": "11.1.0.7", "operator": "le"}, {"name": "Web ADI", "version": "12.1.1", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.51", "operator": "le"}, {"name": "Java Dynamic Management Kit", "version": "5.1", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.2.0", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "9.1", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.5.0", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "3", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "11.2.0.1", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "3.0.1", "operator": "le"}, {"name": "Oracle Open Office, StarOffice, StarSuite", "version": "8", "operator": "le"}, {"name": "PeopleSoft Enterprise ELS", "version": "9.1", "operator": "le"}, {"name": "Network Foundation", "version": "11.2.0.2", "operator": "le"}, {"name": "OpenSSO Enterprise, Sun Java System Access Manager", "version": "8.0", "operator": "le"}, {"name": "Single Sign On", "version": "10.1.2.3", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.4", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.4", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.2", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "7.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.4.3", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.4.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.49", "operator": "le"}, {"name": "Solaris", "version": "8", "operator": "le"}, {"name": "PeopleSoft Enterprise CRM", "version": "8.9", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.3.2.0", "operator": "le"}, {"name": "InForm", "version": "4.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.2.3", "operator": "le"}, {"name": "Applications Install", "version": "12.0.6", "operator": "le"}, {"name": "Siebel CRM Core", "version": "8.0.0", "operator": "le"}, {"name": "Oracle JRockit", "version": "27.6.8", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.2.0.1", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.8", "operator": "le"}, {"name": "Database Vault", "version": "11.1.0.7", "operator": "le"}, {"name": "Portal", "version": "10.1.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "9.1", "operator": "le"}, {"name": "Application Object Library", "version": "11.5.10.2", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.9", "operator": "le"}, {"name": "Solaris", "version": "11", "operator": "le"}, {"name": "UIX", "version": "11.2.0.1", "operator": "le"}, {"name": "UIX", "version": "11.1.0.7", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.3", "operator": "le"}, {"name": "Network Foundation", "version": "10.2.0.4", "operator": "le"}, {"name": "Siebel CRM Core", "version": "7.8.2", "operator": "le"}, {"name": "Database Vault", "version": "11.2.0.1", "operator": "le"}, {"name": "Sun Java System Messaging Server", "version": "7.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.1.0.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.0.7", "operator": "le"}, {"name": "UIX", "version": "10.2.0.4", "operator": "le"}, {"name": "UIX", "version": "10.1.0.5", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "9.0", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.5", "operator": "le"}, {"name": "Oracle iPlanet Web Server (Sun Java System Web Server)", "version": "6.1", "operator": "le"}, {"name": "Sun Java System Access Manager Policy Agent", "version": "2.2", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "2.1", "operator": "le"}, {"name": "Database Vault", "version": "10.2.0.4", "operator": "le"}, {"name": "PeopleSoft Enterprise HRMS", "version": "9.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Portal", "version": "11.1.1.2.0", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.2.0.2", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.5", "operator": "le"}, {"name": "InForm", "version": "4.6", "operator": "le"}, {"name": "Applications Install", "version": "11.5.10.2", "operator": "le"}, {"name": "Solaris", "version": "9", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.2", "operator": "le"}, {"name": "Oracle JRockit", "version": "5", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.49", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.3", "operator": "le"}, {"name": "Applications Install", "version": "12.1.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "9.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise", "version": "8.50", "operator": "le"}, {"name": "Web ADI", "version": "12.1.2", "operator": "le"}, {"name": "InForm", "version": "5.0", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "8.1.6", "operator": "le"}, {"name": "Application Service Level Management", "version": "11.1.0.7", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.1", "operator": "le"}, {"name": "Agile Technology Platform", "version": "9.3.1", "operator": "le"}, {"name": "Applications Install", "version": "12.1.1", "operator": "le"}, {"name": "Network Foundation", "version": "10.1.0.5", "operator": "le"}, {"name": "Network Foundation", "version": "10.2.0.5", "operator": "le"}, {"name": "Web ADI", "version": "11.5.10.2", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.3.0", "operator": "le"}, {"name": "Web ADI", "version": "12.0.6", "operator": "le"}, {"name": "Oracle Security Service", "version": "10.2.0.3", "operator": "le"}, {"name": "Application Object Library", "version": "12.0.6", "operator": "le"}, {"name": "Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.0.2", "operator": "le"}, {"name": "Sun Java System Messaging Server", "version": "6.3", "operator": "le"}, {"name": "Sun GlassFish Enterprise Server, Sun Java System Application Server", "version": "2.1.1", "operator": "le"}, {"name": "Network Foundation", "version": "11.2.0.1", "operator": "le"}, {"name": "Applications Install", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Warehouse Builder", "version": "11.1.0.7", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "8.9", "operator": "le"}, {"name": "Agile Technology Platform", "version": "9.3.0.2", "operator": "le"}], "cvelist": ["CVE-2011-0799", "CVE-2011-0412", "CVE-2011-0801", "CVE-2011-0808", "CVE-2011-0859", "CVE-2011-0856", "CVE-2011-0793", "CVE-2011-0791", "CVE-2010-4468", "CVE-2010-3450", "CVE-2011-0837", "CVE-2011-0787", "CVE-2011-0821", "CVE-2011-0812", "CVE-2011-0827", "CVE-2011-0805", "CVE-2011-0846", "CVE-2011-0824", "CVE-2011-0807", "CVE-2010-4452", "CVE-2011-0810", "CVE-2011-0790", "CVE-2010-4462", "CVE-2011-0851", "CVE-2010-4448", "CVE-2010-4465", "CVE-2011-0803", "CVE-2011-0798", "CVE-2010-3689", "CVE-2011-0820", "CVE-2010-4454", "CVE-2011-0806", "CVE-2010-4253", "CVE-2011-0809", "CVE-2011-0789", "CVE-2011-0841", "CVE-2011-0861", "CVE-2010-3451", "CVE-2011-0795", "CVE-2010-4450", "CVE-2011-0834", "CVE-2011-0825", "CVE-2011-0823", "CVE-2011-0850", "CVE-2010-4473", "CVE-2011-0860", "CVE-2011-0828", "CVE-2011-0858", "CVE-2011-0847", "CVE-2009-3555", "CVE-2010-3454", "CVE-2010-4476", "CVE-2010-4472", "CVE-2011-0843", "CVE-2010-4471", "CVE-2011-0849", "CVE-2011-0800", "CVE-2011-0826", "CVE-2011-0840", "CVE-2011-0857", "CVE-2011-0792", "CVE-2011-0818", "CVE-2010-4643", "CVE-2011-0853", "CVE-2011-0794", "CVE-2010-3453", "CVE-2011-0836", "CVE-2011-0839", "CVE-2010-4470", "CVE-2011-0796", "CVE-2011-0833", "CVE-2011-0813", "CVE-2011-0804", "CVE-2011-0819", "CVE-2011-0844", "CVE-2011-0829", "CVE-2011-0855", "CVE-2011-0797", "CVE-2011-0411", "CVE-2011-0785", "CVE-2010-3452", "CVE-2011-0854"], "modified": "2011-04-28T00:00:00", "id": "ORACLE:CPUAPR2011-301950", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}