ID SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-06-13T00:00:00
Description
Multiple vulnerabilities were fixed in java-1_6_0-openjdk :
CVE-2010-4448: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by
untrusted applets
CVE-2010-4450: CVSS v2 Base Score: 3.7
(AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect
processing of empty library path entries
{"nessus": [{"lastseen": "2021-01-12T10:09:21", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-02-17T00:00:00", "title": "Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1645.NASL", "href": "https://www.tenable.com/plugins/nessus/52006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1645.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52006);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1645\");\n\n script_name(english:\"Fedora 14 : java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14 (2011-1645)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48fd0267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:21", "description": "This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-02-17T00:00:00", "title": "Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk"], "id": "FEDORA_2011-1631.NASL", "href": "https://www.tenable.com/plugins/nessus/52005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1631.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52005);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n script_xref(name:\"FEDORA\", value:\"2011-1631\");\n\n script_name(english:\"Fedora 13 : java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13 (2011-1631)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\nS6378709, CVE-2010-4465: AWT event dispatch does not support framework\ncode \n\nS6854912, CVE-2010-4465: Security issue with the clipboard access in\nApplets \n\nS6878713, CVE-2010-4469: Verifier heap corruption, relating to\nbackward jsrs \n\nS6907662, CVE-2010-4465: System clipboard should ensure access\nrestrictions \n\nS6927050, CVE-2010-4470: Features set on SchemaFactory not inherited\nby Validator \n\nS6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets \n\nS6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH\nenvironment variable in the launcher \n\nS6985453, CVE-2010-4471: Font.createFont may expose some system\nproperties in exception text \n\nS6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig\nTransform or C14N algorithm implementations \n\nRH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a673f3e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:45", "description": "Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)", "edition": 26, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src"], "id": "SUSE_11_2_JAVA-1_6_0-OPENJDK-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/53735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53735);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-4038 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :\n\n - CVE-2010-4448: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by\n untrusted applets\n\n - CVE-2010-4450: CVSS v2 Base Score: 3.7\n (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect\n processing of empty library path entries\n\n - CVE-2010-4465: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security\n manager bypass\n\n - CVE-2010-4469: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap\n corruption\n\n - CVE-2010-4470: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component\n state manipulation\n\n - CVE-2010-4471: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system\n property leak\n\n - CVE-2010-4472: CVSS v2 Base Score: 2.6\n (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to\n replace DSIG/C14N implementation\n\n - CVE-2011-0706: CVSS v2 Base Score: 7.5\n (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,\n and Access Control (CWE-264)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=671714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:27", "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-09T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-2.NASL", "href": "https://www.tenable.com/plugins/nessus/65099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65099);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-2\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS : openjdk-6b18 vulnerabilities (USN-1079-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM)\narchitectures. This update provides the corresponding updates for\nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04\nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu\n10.04 LTS updates.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu1~10.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:27", "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-09T00:00:00", "title": "Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-3.NASL", "href": "https://www.tenable.com/plugins/nessus/65100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65100);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-3\");\n\n script_name(english:\"Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10.\n\nIt was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not\nproperly setup the LD_LIBRARY_PATH environment variable. A\nlocal attacker could exploit this to execute arbitrary code\nas the user invoking the program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged\ntimer events could allow bypass of SecurityManager checks.\nThis could allow an attacker to access restricted resources.\n(CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations\nconfused memory management within the HotSpot JVM. This\ncould allow an attacker to cause a denial of service through\nan application crash or possibly inject code.\n(CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled\nallowed them to be manipulated by untrusted applets. An\nattacker could use this to bypass XML processing\nrestrictions and elevate privileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when\nprocessing broken CFF fonts could leak system properties.\n(CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature\ncomponent could allow an attacker to cause untrusted code to\nreplace the XML Digital Signature Transform or C14N\nalgorithm implementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific\ndouble literals were improperly handled, allowing a remote\nattacker to cause a denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when\nhandling multiple signatures allowed remote attackers to\ngain privileges due to the assignment of an inappropriate\nsecurity descriptor. (CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea6-plugin, openjdk-6-jre and / or\nopenjdk-6-jre-headless packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b18-1.8.7-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-jre / openjdk-6-jre-headless\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:34:25", "description": "It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly\nsetup the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-03-02T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"], "id": "UBUNTU_USN-1079-1.NASL", "href": "https://www.tenable.com/plugins/nessus/52498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1079-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52498);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_bugtraq_id(46091, 46387, 46397, 46398, 46399, 46400, 46404, 46406, 46439);\n script_xref(name:\"USN\", value:\"1079-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6 vulnerabilities (USN-1079-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that untrusted Java applets could create domain name\nresolution cache entries, allowing an attacker to manipulate name\nresolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly\nsetup the LD_LIBRARY_PATH environment variable. A local attacker could\nexploit this to execute arbitrary code as the user invoking the\nprogram. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events\ncould allow bypass of SecurityManager checks. This could allow an\nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory\nmanagement within the HotSpot JVM. This could allow an attacker to\ncause a denial of service through an application crash or possibly\ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled allowed\nthem to be manipulated by untrusted applets. An attacker could use\nthis to bypass XML processing restrictions and elevate privileges.\n(CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken\nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature component\ncould allow an attacker to cause untrusted code to replace the XML\nDigital Signature Transform or C14N algorithm implementations.\n(CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double\nliterals were improperly handled, allowing a remote attacker to cause\na denial of service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling\nmultiple signatures allowed remote attackers to gain privileges due to\nthe assignment of an inappropriate security descriptor.\n(CVE-2011-0706).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1079-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~9.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1~10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b20-1.9.7-0ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea6-plugin / openjdk-6-dbg / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:27", "description": "A flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.", "edition": 27, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110217_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60963);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676019\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=1369\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3b14f6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:42", "description": "From Red Hat Security Advisory 2011:0281 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/nessus/68205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0281 and \n# Oracle Linux Security Advisory ELSA-2011-0281 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68205);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-0281)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0281 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001891.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.0.1.el5\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:55", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 29, "published": "2011-02-18T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2011-02-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "cpe:/o:redhat:enterprise_linux:6.0", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/nessus/52020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0281. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52020);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:0281)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0281\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0281\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.39.b17.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:53", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 28, "published": "2011-04-15T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "modified": "2011-04-15T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0281.NASL", "href": "https://www.tenable.com/plugins/nessus/53421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0281 and \n# CentOS Errata and Security Advisory 2011:0281 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53421);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_bugtraq_id(46387, 46397, 46398, 46400, 46404, 46406);\n script_xref(name:\"RHSA\", value:\"2011:0281\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2011:0281)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be\nused to bypass SecurityManager checks, allowing access to otherwise\nblocked files and directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual\nMachine (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing)\ncomponents were handled, allowing them to be manipulated by untrusted\napplets. This could be used to elevate privileges and bypass secure\nXML processing restrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache\nentries in the name resolution cache. This could allow an attacker\ntargeted manipulation over name resolution until the OpenJDK VM is\nrestarted. (CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check\nthe LD_LIBRARY_PATH environment variable for insecure empty path\nelements. A local attacker able to trick a user into running the Java\nlauncher while working from an attacker-writable directory could use\nthis flaw to load an untrusted library, subverting the Java security\nmodel. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime\nEnvironment (JRE) XML Digital Signature Transform or C14N algorithm\nimplementations to intercept digital signature operations.\n(CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK\nby calling the 'appletviewer' application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ed2b1b4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1285f749\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.20.b17.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.20.b17.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881416", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881416\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:49:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\",\n \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0281\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-12T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:870394", "href": "http://plugins.openvas.org/nasl.php?oid=870394", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_id(870394);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "Check for the Version of java", "modified": "2017-12-29T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881416", "href": "http://plugins.openvas.org/nasl.php?oid=881416", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017314.html\");\n script_id(881416);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:49:38 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\",\n \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "Check for the Version of java", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880559", "href": "http://plugins.openvas.org/nasl.php?oid=880559", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2011:0281 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n \n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n \n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n \n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n \n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n \n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n \n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the "appletviewer" application.\n \n This update also provides one defense in depth patch. (BZ#676019)\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\");\n script_id(880559);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0281\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo-1.6.0.0\", rpm:\"java-1.6.0-openjdk-demo-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src-1.6.0.0\", rpm:\"java-1.6.0-openjdk-src-1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310870394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870394", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-February/msg00024.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870394\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0281-01\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T19:05:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880559", "type": "openvas", "title": "CentOS Update for java CESA-2011:0281 centos5 i386", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-April/017313.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880559\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0281\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\", \"CVE-2010-4471\");\n script_name(\"CentOS Update for java CESA-2011:0281 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n A flaw was found in the Swing library. Forged TimerEvents could be used to\n bypass SecurityManager checks, allowing access to otherwise blocked files\n and directories. (CVE-2010-4465)\n\n A flaw was found in the HotSpot component in OpenJDK. Certain bytecode\n instructions confused the memory management within the Java Virtual Machine\n (JVM), which could lead to heap corruption. (CVE-2010-4469)\n\n A flaw was found in the way JAXP (Java API for XML Processing) components\n were handled, allowing them to be manipulated by untrusted applets. This\n could be used to elevate privileges and bypass secure XML processing\n restrictions. (CVE-2010-4470)\n\n It was found that untrusted applets could create and place cache entries in\n the name resolution cache. This could allow an attacker targeted\n manipulation over name resolution until the OpenJDK VM is restarted.\n (CVE-2010-4448)\n\n It was found that the Java launcher provided by OpenJDK did not check the\n LD_LIBRARY_PATH environment variable for insecure empty path elements. A\n local attacker able to trick a user into running the Java launcher while\n working from an attacker-writable directory could use this flaw to load an\n untrusted library, subverting the Java security model. (CVE-2010-4450)\n\n A flaw was found in the XML Digital Signature component in OpenJDK.\n Untrusted code could use this flaw to replace the Java Runtime Environment\n (JRE) XML Digital Signature Transform or C14N algorithm implementations to\n intercept digital signature operations. (CVE-2010-4472)\n\n Note: All of the above flaws can only be remotely triggered in OpenJDK by\n calling the 'appletviewer' application.\n\n This update also provides one defense in depth patch. (BZ#676019)\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS5\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "modified": "2019-03-13T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:1361412562310840607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840607", "type": "openvas", "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840607\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\");\n script_tag(name:\"affected\", value:\"openjdk-6 vulnerabilities on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n\n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n\n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n\n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n\n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n\n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n\n Konstantin Preisser and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n\n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1079-1", "modified": "2017-12-01T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:840607", "href": "http://plugins.openvas.org/nasl.php?oid=840607", "type": "openvas", "title": "Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1079_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n\n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n \n Konstantin Preißer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n \n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1079-1\";\ntag_affected = \"openjdk-6 vulnerabilities on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1079-1/\");\n script_id(840607);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1079-1\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0706\");\n script_name(\"Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b20-1.9.7-0ubuntu1~10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "description": "Oracle Linux Local Security Checks ELSA-2011-0281", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122240", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0281.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122240\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0281\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0281 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0281\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0281.html\");\n script_cve_id(\"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4472\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.20.b17.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.39.b17.el6_0\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2011-0706"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310862853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862853", "type": "openvas", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862853\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1631\");\n script_cve_id(\"CVE-2010-4465\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4448\",\n \"CVE-2010-4450\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2011-0706\",\n \"CVE-2010-4476\", \"CVE-2011-0025\");\n script_name(\"Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~50.1.8.7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:29:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "It was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-01T00:00:00", "published": "2011-03-01T00:00:00", "id": "USN-1079-1", "href": "https://ubuntu.com/security/notices/USN-1079-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:21:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) \narchitectures. This update provides the corresponding updates for \nOpenJDK 6 for use with the armel (ARM) architectures.\n\nIn order to build the armel (ARM) OpenJDK 6 update for Ubuntu 10.04 \nLTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu \n10.04 LTS updates.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-15T00:00:00", "published": "2011-03-15T00:00:00", "id": "USN-1079-2", "href": "https://ubuntu.com/security/notices/USN-1079-2", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4470", "CVE-2011-0706"], "description": "USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) \narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes \nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu \n10.10.\n\nOriginal advisory details:\n\nIt was discovered that untrusted Java applets could create domain \nname resolution cache entries, allowing an attacker to manipulate \nname resolution within the JVM. (CVE-2010-4448)\n\nIt was discovered that the Java launcher did not did not properly \nsetup the LD_LIBRARY_PATH environment variable. A local attacker \ncould exploit this to execute arbitrary code as the user invoking \nthe program. (CVE-2010-4450)\n\nIt was discovered that within the Swing library, forged timer events \ncould allow bypass of SecurityManager checks. This could allow an \nattacker to access restricted resources. (CVE-2010-4465)\n\nIt was discovered that certain bytecode combinations confused memory \nmanagement within the HotSpot JVM. This could allow an attacker to \ncause a denial of service through an application crash or possibly \ninject code. (CVE-2010-4469)\n\nIt was discovered that the way JAXP components were handled \nallowed them to be manipulated by untrusted applets. An attacker \ncould use this to bypass XML processing restrictions and elevate \nprivileges. (CVE-2010-4470)\n\nIt was discovered that the Java2D subcomponent, when processing broken \nCFF fonts could leak system properties. (CVE-2010-4471)\n\nIt was discovered that a flaw in the XML Digital Signature \ncomponent could allow an attacker to cause untrusted code to \nreplace the XML Digital Signature Transform or C14N algorithm \nimplementations. (CVE-2010-4472)\n\nKonstantin Preisser and others discovered that specific double literals \nwere improperly handled, allowing a remote attacker to cause a denial \nof service. (CVE-2010-4476)\n\nIt was discovered that the JNLPClassLoader class when handling multiple \nsignatures allowed remote attackers to gain privileges due to the \nassignment of an inappropriate security descriptor. (CVE-2011-0706)", "edition": 5, "modified": "2011-03-17T00:00:00", "published": "2011-03-17T00:00:00", "id": "USN-1079-3", "href": "https://ubuntu.com/security/notices/USN-1079-3", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0281\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029351.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-April/029352.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0281.html", "edition": 3, "modified": "2011-04-14T14:33:37", "published": "2011-04-14T14:33:37", "href": "http://lists.centos.org/pipermail/centos-announce/2011-April/029351.html", "id": "CESA-2011:0281", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4472"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nA flaw was found in the Swing library. Forged TimerEvents could be used to\nbypass SecurityManager checks, allowing access to otherwise blocked files\nand directories. (CVE-2010-4465)\n\nA flaw was found in the HotSpot component in OpenJDK. Certain bytecode\ninstructions confused the memory management within the Java Virtual Machine\n(JVM), which could lead to heap corruption. (CVE-2010-4469)\n\nA flaw was found in the way JAXP (Java API for XML Processing) components\nwere handled, allowing them to be manipulated by untrusted applets. This\ncould be used to elevate privileges and bypass secure XML processing\nrestrictions. (CVE-2010-4470)\n\nIt was found that untrusted applets could create and place cache entries in\nthe name resolution cache. This could allow an attacker targeted\nmanipulation over name resolution until the OpenJDK VM is restarted.\n(CVE-2010-4448)\n\nIt was found that the Java launcher provided by OpenJDK did not check the\nLD_LIBRARY_PATH environment variable for insecure empty path elements. A\nlocal attacker able to trick a user into running the Java launcher while\nworking from an attacker-writable directory could use this flaw to load an\nuntrusted library, subverting the Java security model. (CVE-2010-4450)\n\nA flaw was found in the XML Digital Signature component in OpenJDK.\nUntrusted code could use this flaw to replace the Java Runtime Environment\n(JRE) XML Digital Signature Transform or C14N algorithm implementations to\nintercept digital signature operations. (CVE-2010-4472)\n\nNote: All of the above flaws can only be remotely triggered in OpenJDK by\ncalling the \"appletviewer\" application.\n\nThis update also provides one defense in depth patch. (BZ#676019)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2011-02-17T05:00:00", "id": "RHSA-2011:0281", "href": "https://access.redhat.com/errata/RHSA-2011:0281", "type": "redhat", "title": "(RHSA-2011:0281) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. Further\ninformation about these flaws can be found on the \"Oracle Java SE and Java\nfor Business Critical Patch Update Advisory\" page, listed in the References\nsection. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,\nCVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,\nCVE-2010-4476)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of Sun Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:34", "published": "2011-02-17T05:00:00", "id": "RHSA-2011:0282", "href": "https://access.redhat.com/errata/RHSA-2011:0282", "type": "redhat", "title": "(RHSA-2011:0282) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466,\nCVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR12-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-07T09:04:30", "published": "2011-03-17T04:00:00", "id": "RHSA-2011:0364", "href": "https://access.redhat.com/errata/RHSA-2011:0364", "type": "redhat", "title": "(RHSA-2011:0364) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM \"Security alerts\" page,\nlisted in the References section. (CVE-2010-4422, CVE-2010-4447,\nCVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,\nCVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471,\nCVE-2010-4473, CVE-2010-4475)\n\nNote: The RHSA-2010:0987 and RHSA-2011:0290 java-1.6.0-ibm errata were\nmissing 64-bit PowerPC packages for Red Hat Enterprise Linux 4 Extras. This\nerratum provides 64-bit PowerPC packages for Red Hat Enterprise Linux 4\nExtras as expected.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR9-FP1 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:29", "published": "2011-03-16T04:00:00", "id": "RHSA-2011:0357", "href": "https://access.redhat.com/errata/RHSA-2011:0357", "type": "redhat", "title": "(RHSA-2011:0357) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4470"], "description": "[1.6.0.0-1.39.b17]\n- respin of IcedTea6 1.7.10\n- Resolves: rhbz#676276\n[1.6.0.0-1.37.b17]\n- Updated to IcedTea6 1.7.10\n- Resolves: rhbz#676276", "edition": 4, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "ELSA-2011-0281", "href": "http://linux.oracle.com/errata/ELSA-2011-0281.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:20:00", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4472", "CVE-2010-4471", "CVE-2011-0025", "CVE-2010-4470", "CVE-2010-4351", "CVE-2011-0706"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2224-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 20, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 \n CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472\n CVE-2011-0025 CVE-2011-0706\n\nSeveral security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.\n\nCVE-2010-4351\n The JNLP SecurityManager returns from the checkPermission method\n instead of throwing an exception in certain circumstances, which\n might allow context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.\n\nCVE-2010-4448\n Malicious applets can perform DNS cache poisoning.\n\nCVE-2010-4450\n An empty (but set) LD_LIBRARY_PATH environment variable results in\n a misconstructed library search path, resulting in code execution\n from possibly untrusted sources.\n\nCVE-2010-4465\n Malicious applets can extend their privileges by abusing Swing\n timers.\n\nCVE-2010-4469\n The Hotspot just-in-time compiler miscompiles crafted byte\n sequences, resulting in heap corruption.\n\nCVE-2010-4470\n JAXP can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4471\n Java2D can be exploited by untrusted code to elevate privileges.\n\nCVE-2010-4472\n Untrusted code can replace the XML DSIG implementation.\n\nCVE-2011-0025\n Signatures on JAR files are not properly verified, which allows\n remote attackers to trick users into executing code that appears\n to come from a trusted source.\n\nCVE-2011-0706\n The JNLPClassLoader class allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of "an inappropriate security descriptor\n\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-04-20T20:20:06", "published": "2011-04-20T20:20:06", "id": "DEBIAN:DSA-2224-1:ECD2A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00093.html", "title": "[SECURITY] [DSA 2224-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-16T19:17:23", "published": "2011-02-16T19:17:23", "id": "FEDORA:35FB5110DCD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706"], "description": "The OpenJDK runtime environment. ", "modified": "2011-02-16T19:20:33", "published": "2011-02-16T19:20:33", "id": "FEDORA:CA1BF110F53", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. ", "modified": "2011-06-15T05:33:46", "published": "2011-06-15T05:33:46", "id": "FEDORA:3C16110F9D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872"], "description": "The OpenJDK runtime environment. ", "modified": "2011-06-11T04:18:13", "published": "2011-06-11T04:18:13", "id": "FEDORA:5BB2B10F988", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513"], "description": "The OpenJDK runtime environment. ", "modified": "2011-08-02T01:56:23", "published": "2011-08-02T01:56:23", "id": "FEDORA:2EE9C110E14", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-2513", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560"], "description": "The OpenJDK runtime environment. ", "modified": "2011-10-20T09:53:34", "published": "2011-10-20T09:53:34", "id": "FEDORA:5DDA721219", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-55.1.9.10.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and \"backward jsrs.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4469", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4469"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4469", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4471", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4471"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0"], "id": "CVE-2010-4471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4471", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the \"XML DSig Transform or C14N algorithm implementations.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4472", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4472"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0"], "id": "CVE-2010-4472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4472", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4450", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4450"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4450", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves \"DNS cache poisoning by untrusted applets.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4448", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4448"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4448", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or \"clipboard access in Applets.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4465", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4465"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:sdk:1.4.2_24", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:sdk:1.4.2_27", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_28", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_25", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:sdk:1.4.2_26", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.4.2", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2010-4465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_29:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:24", "description": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"", "edition": 3, "cvss3": {}, "published": "2011-02-19T01:00:00", "title": "CVE-2011-0706", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0706"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:redhat:icedtea-web:1.0.1"], "id": "CVE-2011-0706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0706", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.0.1:pre:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:pre:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to \"Features set on SchemaFactory not inherited by Validator.\"", "edition": 5, "cvss3": {}, "published": "2011-02-17T19:00:00", "title": "CVE-2010-4470", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4470"], "modified": "2017-12-22T02:29:00", "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.6.0"], "id": "CVE-2010-4470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4470", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2011-0706", "CVE-2010-4467", "CVE-2010-4466"], "description": "Over 20 of different vulnerabilities.", "edition": 1, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "SECURITYVULNS:VULN:11443", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11443", "title": "Oracle Java multiple security vulnerabilities / OpenJDK", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-4465"], "description": "ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-083\r\n\r\nFebruary 15, 2011\r\n\r\n-- CVE ID:\r\nCVE-2010-4465\r\n\r\n-- CVSS:\r\n10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)\r\n\r\n-- Affected Vendors:\r\nOracle\r\n\r\n-- Affected Products:\r\nOracle Java Runtime\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 10851. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Oracle Java Runtime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page.\r\n\r\nThe specific flaw is due to insufficient defenses against system\r\nclipboard hijacking. When in focus, a handle to the system clipboard can\r\nbe retrieved without user interaction by a malicious component. The\r\nclipboard can then be arbitrarily read from or written to. By writing a\r\nTransferableProxy object to the system clipboard and then forcing a\r\npaste action, arbitrary code can be executed under the context of the\r\nuser invoking the JRE.\r\n\r\n-- Vendor Response:\r\nOracle has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html\r\n\r\n-- Disclosure Timeline:\r\n2010-01-26 - Vulnerability reported to vendor\r\n2011-02-15 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Sami Koivu\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "edition": 1, "modified": "2011-02-17T00:00:00", "published": "2011-02-17T00:00:00", "id": "SECURITYVULNS:DOC:25749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25749", "title": "ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2010-4448", "CVE-2011-3552"], "description": "Hey,\r\n\r\nToday we are releasing a very interesting whitepaper which describes a DNS\r\npoisoning attack against stub resolvers.\r\n\r\nIt discloses two vulnerabilities:\r\n\r\n1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote\r\n DNS poisoning using Java applets. This vulnerability can be triggered when\r\n opening a malicious webpage. A successful exploitation of this vulnerability\r\n may lead to disclosure and manipulation of cookies and web pages, disclosure\r\n of NTLM credentials and clipboard data of the logged-on user, and even\r\n firewall bypass.\r\n\r\n2. A vulnerability in multiuser Windows environments which enables local DNS\r\n cache poisoning of arbitrary domains. This vulnerability can be triggered\r\n by a normal user (i.e. one with non-administrative rights) in order to\r\n attack other users of the system. A successful exploitation of this\r\n vulnerability may lead to information disclosure, privilege escalation,\r\n universal XSS and more.\r\n\r\n Whitepaper: http://bit.ly/q31wSq\r\n A blog post with video demos: http://bit.ly/qu4Ez7\r\n\r\n\r\nRoee Hay <roeeh@il.ibm.com>, IBM Rational Application Security Research Group\r\nYair Amit <yairam@gmail.com>\r\n", "edition": 1, "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SECURITYVULNS:DOC:27184", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27184", "title": "DNS Poisoning via Port Exhaustion", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4475", "CVE-2010-4468", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-4454", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-4447", "CVE-2010-4470", "CVE-2010-4467", "CVE-2010-4466"], "description": "Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-02-22T14:41:11", "published": "2011-02-22T14:41:11", "id": "SUSE-SA:2011:010", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00005.html", "title": "remote code execution in java-1_6_0-sun", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:56:50", "description": "CVE ID\uff1aCVE-2010-4465\r\n\r\nOracle Java Runtime Environment\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\u7531\u4e8e\u4e0d\u5145\u5206\u9632\u5fa1\u7cfb\u7edf\u526a\u8d34\u677f\u52ab\u6301\u653b\u51fb\u3002\u5f53in focus\u65f6\uff0c\u6076\u610f\u7ec4\u4ef6\u53ef\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u83b7\u53d6\u7cfb\u7edf\u526a\u8d34\u677f\u7684\u53e5\u67c4\u3002\u7136\u540e\u53ef\u4ece\u526a\u8d34\u677f\u4e2d\u8bfb\u53d6\u6570\u636e\u6216\u5199\u5165\u3002\u901a\u8fc7\u628aTransferableProxy\u5bf9\u8c61\u5199\u5165\u5230\u7cfb\u7edf\u526a\u8d34\u677f\uff0c\u5e76\u5f3a\u5236\u7c98\u8d34\u64cd\u4f5c\uff0c\u53ef\u8c03\u7528JRE\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\n\nOracle Java Runtime\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "published": "2011-12-01T00:00:00", "type": "seebug", "title": "Oracle Java Applet\u526a\u8d34\u677f\u6ce8\u5165\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4465"], "modified": "2011-12-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24277", "id": "SSV:24277", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:42:28", "bulletinFamily": "info", "cvelist": ["CVE-2010-4465"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw is due to insufficient defenses against system clipboard hijacking. When in focus, a handle to the system clipboard can be retrieved without user interaction by a malicious component. The clipboard can then be arbitrarily read from or written to. By writing a TransferableProxy object to the system clipboard and then forcing a paste action, arbitrary code can be executed under the context of the user invoking the JRE.", "modified": "2011-06-22T00:00:00", "published": "2011-02-15T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-083/", "id": "ZDI-11-083", "title": "Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
