SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
2013-07-18T00:00:00
ID SUSE_11_ICEDTEA-WEB-130702.NASL Type nessus Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc. Modified 2021-01-19T00:00:00
Description
This update to IcedTea-Web 1.4 provides the following fixes and enhancements :
Security updates
RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926)
PR1157: Applets can hang browser after fatal exception.
Common
PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered
PR955: regression: SweetHome3D fails to run
PR1145: IcedTea-Web can cause ClassCircularityError
PR1161: X509VariableTrustManager does not work correctly with OpenJDK7
PR822: Applets fail to load if jars have different signers
PR1186:
System.getProperty('deployment.user.security.trusted.cac erts') is null
PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails
PR1299: WebStart doesn't read socket proxy settings from firefox correctly.
Added cs, de, pl localization
Splash screen for javaws and plugin
Better error reporting for plugin via Error-splash-screen
All IcedTea-Web dialogues are centered to middle of active screen
Download indicator made compact for more then one jar
User can select its own JVM via itw-settings and deploy.properties
Added extended applets security settings and dialogue
Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized
Fixed a build failure with older xulrunner
Changed strict openjdk6 dependencies to anything java-openjdk >= 1.6.0.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(68953);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927");
script_name(english:"SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update to IcedTea-Web 1.4 provides the following fixes and
enhancements :
- Security updates
- RH916774: Class-loader incorrectly shared for applets
with same relative-path. (CVE-2013-1926)
- RH884705: fixed gifar vulnerabilit. (CVE-2013-1927)
- RH840592: Potential read from an uninitialized memory
location. (CVE-2012-3422)
- RH841345: Incorrect handling of not 0-terminated
strings. (CVE-2012-3423)
- RH884705: fixed gifar vulnerability. (CVE-2013-1927)
- RH916774: Class-loader incorrectly shared for applets
with same relative-path. (CVE-2013-1926)
- NetX
- PR1027: DownloadService is not supported by IcedTea-Web
- PR725: JNLP applications will prompt for creating
desktop shortcuts every time they are run
- PR1292: Javaws does not resolve versioned jar names with
periods correctly
- PR580: http://www.horaoficial.cl/ loads improperly.
- Plugin
- PR1106: Buffer overflow in plugin table-
- PR1166: Embedded JNLP File is not supported in applet
tag
- PR1217: Add command line arguments for plugins
- PR1189: Icedtea-plugin requires code attribute when
using jnlp_href
- PR1198: JSObject is not passed to JavaScript correctly
- PR1260: IcedTea-Web should not rely on GTK
- PR1157: Applets can hang browser after fatal exception
- PR580: http://www.horaoficial.cl/ loads improperly
- PR1260: IcedTea-Web should not rely on GTK
- PR1157: Applets can hang browser after fatal exception.
- Common
- PR1049: Extension jnlp's signed jar with the content of
only META-INF/* is considered
- PR955: regression: SweetHome3D fails to run
- PR1145: IcedTea-Web can cause ClassCircularityError
- PR1161: X509VariableTrustManager does not work correctly
with OpenJDK7
- PR822: Applets fail to load if jars have different
signers
- PR1186:
System.getProperty('deployment.user.security.trusted.cac
erts') is null
- PR909: The Java applet at
http://de.gosupermodel.com/games/wardrobegame.jsp fails
- PR1299: WebStart doesn't read socket proxy settings from
firefox correctly.
- Added cs, de, pl localization
- Splash screen for javaws and plugin
- Better error reporting for plugin via
Error-splash-screen
- All IcedTea-Web dialogues are centered to middle of
active screen
- Download indicator made compact for more then one jar
- User can select its own JVM via itw-settings and
deploy.properties
- Added extended applets security settings and dialogue
- Added new option in itw-settings which allows users to
set JVM arguments when plugin is initialized
- Fixed a build failure with older xulrunner
- Changed strict openjdk6 dependencies to anything
java-openjdk >= 1.6.0."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=815596"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=818768"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=825880"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-3422.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-3423.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2013-1926.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2013-1927.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7981.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:icedtea-web");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2013/07/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"icedtea-web-1.4-0.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"icedtea-web-1.4-0.10.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SUSE_11_ICEDTEA-WEB-130702.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)", "description": "This update to IcedTea-Web 1.4 provides the following fixes and enhancements :\n\n - Security updates\n\n - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926)\n\n - RH884705: fixed gifar vulnerabilit. (CVE-2013-1927)\n\n - RH840592: Potential read from an uninitialized memory location. (CVE-2012-3422)\n\n - RH841345: Incorrect handling of not 0-terminated strings. (CVE-2012-3423)\n\n - RH884705: fixed gifar vulnerability. (CVE-2013-1927)\n\n - RH916774: Class-loader incorrectly shared for applets with same relative-path. (CVE-2013-1926)\n\n - NetX\n\n - PR1027: DownloadService is not supported by IcedTea-Web\n\n - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run\n\n - PR1292: Javaws does not resolve versioned jar names with periods correctly\n\n - PR580: http://www.horaoficial.cl/ loads improperly.\n\n - Plugin\n\n - PR1106: Buffer overflow in plugin table-\n\n - PR1166: Embedded JNLP File is not supported in applet tag\n\n - PR1217: Add command line arguments for plugins\n\n - PR1189: Icedtea-plugin requires code attribute when using jnlp_href\n\n - PR1198: JSObject is not passed to JavaScript correctly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception.\n\n - Common\n\n - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered\n\n - PR955: regression: SweetHome3D fails to run\n\n - PR1145: IcedTea-Web can cause ClassCircularityError\n\n - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7\n\n - PR822: Applets fail to load if jars have different signers\n\n - PR1186:\n System.getProperty('deployment.user.security.trusted.cac erts') is null\n\n - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails\n\n - PR1299: WebStart doesn't read socket proxy settings from firefox correctly.\n\n - Added cs, de, pl localization\n\n - Splash screen for javaws and plugin\n\n - Better error reporting for plugin via Error-splash-screen\n\n - All IcedTea-Web dialogues are centered to middle of active screen\n\n - Download indicator made compact for more then one jar\n\n - User can select its own JVM via itw-settings and deploy.properties\n\n - Added extended applets security settings and dialogue\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized\n\n - Fixed a build failure with older xulrunner\n\n - Changed strict openjdk6 dependencies to anything java-openjdk >= 1.6.0.", "published": "2013-07-18T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/68953", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2012-3422.html", "https://bugzilla.novell.com/show_bug.cgi?id=815596", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3423", "http://support.novell.com/security/cve/CVE-2013-1927.html", "https://bugzilla.novell.com/show_bug.cgi?id=818768", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3422", "http://support.novell.com/security/cve/CVE-2012-3423.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927", "https://bugzilla.novell.com/show_bug.cgi?id=825880", "http://support.novell.com/security/cve/CVE-2013-1926.html"], "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927"], "immutableFields": [], "lastseen": "2021-08-19T12:54:25", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2012:1132", "CESA-2013:0753"]}, {"type": "cve", "idList": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3422", "DEBIANCVE:CVE-2012-3423", "DEBIANCVE:CVE-2013-1926", "DEBIANCVE:CVE-2013-1927"]}, {"type": "fedora", "idList": ["FEDORA:15D842097C", "FEDORA:21E4420AE9", "FEDORA:2BE0C236C7", "FEDORA:2C8212639F", "FEDORA:4D72321870", "FEDORA:5AFD220FF3", "FEDORA:841ED27B00", "FEDORA:9DB5F21CA4", "FEDORA:9E7EB210DC"]}, {"type": "freebsd", "idList": ["55B498E2-E56C-11E1-BBD5-001C25E46B1D"]}, {"type": "gentoo", "idList": ["GLSA-201406-32"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2012-1132.NASL", "CENTOS_RHSA-2013-0753.NASL", "FEDORA_2012-14316.NASL", "FEDORA_2012-14370.NASL", "FREEBSD_PKG_55B498E2E56C11E1BBD5001C25E46B1D.NASL", "GENTOO_GLSA-201406-32.NASL", "MANDRIVA_MDVSA-2012-122.NASL", "OPENSUSE-2012-512.NASL", "OPENSUSE-2012-513.NASL", "OPENSUSE-2013-371.NASL", "OPENSUSE-2013-372.NASL", "OPENSUSE-2013-373.NASL", "OPENSUSE-2013-439.NASL", "ORACLELINUX_ELSA-2012-1132.NASL", "ORACLELINUX_ELSA-2013-0753.NASL", "REDHAT-RHSA-2012-1132.NASL", "REDHAT-RHSA-2013-0753.NASL", "SL_20120731_ICEDTEA_WEB_ON_SL6_X.NASL", "SL_20130417_ICEDTEA_WEB_ON_SL6_X.NASL", "SUSE_11_ICEDTEA-WEB-120802.NASL", "SUSE_11_ICEDTEA-WEB-130419.NASL", "SUSE_11_ICEDTEA-WEB-130517.NASL", "UBUNTU_USN-1521-1.NASL", "UBUNTU_USN-1804-1.NASL", "UBUNTU_USN-1804-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121235", "OPENVAS:1361412562310123640", "OPENVAS:1361412562310123853", "OPENVAS:136141256231071848", "OPENVAS:1361412562310831710", "OPENVAS:1361412562310841098", "OPENVAS:1361412562310841401", "OPENVAS:1361412562310841407", "OPENVAS:1361412562310850308", "OPENVAS:1361412562310850309", "OPENVAS:1361412562310864706", "OPENVAS:1361412562310864713", "OPENVAS:1361412562310864857", "OPENVAS:1361412562310864864", "OPENVAS:1361412562310865567", "OPENVAS:1361412562310865574", "OPENVAS:1361412562310866958", "OPENVAS:1361412562310870802", "OPENVAS:1361412562310870984", "OPENVAS:1361412562310881466", "OPENVAS:1361412562310881713", "OPENVAS:71848", "OPENVAS:831710", "OPENVAS:841098", "OPENVAS:841401", "OPENVAS:841407", "OPENVAS:850308", "OPENVAS:850309", "OPENVAS:864706", "OPENVAS:864713", "OPENVAS:864857", "OPENVAS:864864", "OPENVAS:865567", "OPENVAS:865574", "OPENVAS:866958", "OPENVAS:870802", "OPENVAS:870984", "OPENVAS:881466", "OPENVAS:881713"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1132", "ELSA-2013-0753"]}, {"type": "redhat", "idList": ["RHSA-2012:1132", "RHSA-2013:0753"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29259", "SECURITYVULNS:VULN:13018"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0981-1", "OPENSUSE-SU-2012:0982-1", "SUSE-SU-2012:0979-1", "SUSE-SU-2013:0851-1", "SUSE-SU-2013:1174-1"]}, {"type": "ubuntu", "idList": ["USN-1521-1", "USN-1804-1", "USN-1804-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-3422", "UB:CVE-2012-3423", "UB:CVE-2013-1926", "UB:CVE-2013-1927"]}], "rev": 4}, "score": {"value": 8.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2012:1132", "CESA-2013:0753"]}, {"type": "cve", "idList": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3422", "DEBIANCVE:CVE-2012-3423"]}, {"type": "fedora", "idList": ["FEDORA:9E7EB210DC"]}, {"type": "freebsd", "idList": ["55B498E2-E56C-11E1-BBD5-001C25E46B1D"]}, {"type": "nessus", "idList": ["SL_20120731_ICEDTEA_WEB_ON_SL6_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310865574", "OPENVAS:870802"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0753"]}, {"type": "redhat", "idList": ["RHSA-2013:0753"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29259"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0982-1"]}, {"type": "ubuntu", "idList": ["USN-1804-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-3422"]}]}, "exploitation": null, "vulnersScore": 8.1}, "pluginID": "68953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68953);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\", \"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to IcedTea-Web 1.4 provides the following fixes and\nenhancements :\n\n - Security updates\n\n - RH916774: Class-loader incorrectly shared for applets\n with same relative-path. (CVE-2013-1926)\n\n - RH884705: fixed gifar vulnerabilit. (CVE-2013-1927)\n\n - RH840592: Potential read from an uninitialized memory\n location. (CVE-2012-3422)\n\n - RH841345: Incorrect handling of not 0-terminated\n strings. (CVE-2012-3423)\n\n - RH884705: fixed gifar vulnerability. (CVE-2013-1927)\n\n - RH916774: Class-loader incorrectly shared for applets\n with same relative-path. (CVE-2013-1926)\n\n - NetX\n\n - PR1027: DownloadService is not supported by IcedTea-Web\n\n - PR725: JNLP applications will prompt for creating\n desktop shortcuts every time they are run\n\n - PR1292: Javaws does not resolve versioned jar names with\n periods correctly\n\n - PR580: http://www.horaoficial.cl/ loads improperly.\n\n - Plugin\n\n - PR1106: Buffer overflow in plugin table-\n\n - PR1166: Embedded JNLP File is not supported in applet\n tag\n\n - PR1217: Add command line arguments for plugins\n\n - PR1189: Icedtea-plugin requires code attribute when\n using jnlp_href\n\n - PR1198: JSObject is not passed to JavaScript correctly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception.\n\n - Common\n\n - PR1049: Extension jnlp's signed jar with the content of\n only META-INF/* is considered\n\n - PR955: regression: SweetHome3D fails to run\n\n - PR1145: IcedTea-Web can cause ClassCircularityError\n\n - PR1161: X509VariableTrustManager does not work correctly\n with OpenJDK7\n\n - PR822: Applets fail to load if jars have different\n signers\n\n - PR1186:\n System.getProperty('deployment.user.security.trusted.cac\n erts') is null\n\n - PR909: The Java applet at\n http://de.gosupermodel.com/games/wardrobegame.jsp fails\n\n - PR1299: WebStart doesn't read socket proxy settings from\n firefox correctly.\n\n - Added cs, de, pl localization\n\n - Splash screen for javaws and plugin\n\n - Better error reporting for plugin via\n Error-splash-screen\n\n - All IcedTea-Web dialogues are centered to middle of\n active screen\n\n - Download indicator made compact for more then one jar\n\n - User can select its own JVM via itw-settings and\n deploy.properties\n\n - Added extended applets security settings and dialogue\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized\n\n - Fixed a build failure with older xulrunner\n\n - Changed strict openjdk6 dependencies to anything\n java-openjdk >= 1.6.0.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=825880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3423.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1926.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1927.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7981.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"icedtea-web-1.4-0.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"icedtea-web-1.4-0.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:11:icedtea-web", "cpe:/o:novell:suse_linux:11"], "solution": "Apply SAT patch number 7981.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2013-07-02T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"suse": [{"lastseen": "2016-09-04T11:51:34", "description": "This update to IcedTea-Web 1.4 provides the following fixes\n and enhancements:\n\n *\n\n Security updates\n\n o CVE-2013-1926, RH916774: Class-loader\n incorrectly shared for applets with same relative-path o\n CVE-2013-1927, RH884705: fixed gifar vulnerabilit o\n CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location o CVE-2012-3423, RH841345:\n Incorrect handling of not 0-terminated strings o\n CVE-2013-1927, RH884705: fixed gifar vulnerability o\n CVE-2013-1926, RH916774: Class-loader incorrectly shared\n for applets with same relative-path.\n *\n\n NetX\n\n o PR1027: DownloadService is not supported by\n IcedTea-Web o PR725: JNLP applications will prompt for\n creating desktop shortcuts every time they are run o\n PR1292: Javaws does not resolve versioned jar names with\n periods correctly o PR580: <a rel=\"nofollow\" href=\"http://www.horaoficial.cl/\">http://www.horaoficial.cl/</a> loads\n improperly.\n *\n\n Plugin\n\n o PR1106: Buffer overflow in plugin table- o\n PR1166: Embedded JNLP File is not supported in applet tag o\n PR1217: Add command line arguments for plugins o PR1189:\n Icedtea-plugin requires code attribute when using jnlp_href\n o PR1198: JSObject is not passed to javascript correctly o\n PR1260: IcedTea-Web should not rely on GTK o PR1157:\n Applets can hang browser after fatal exception o PR580:\n <a rel=\"nofollow\" href=\"http://www.horaoficial.cl/\">http://www.horaoficial.cl/</a> loads improperly o PR1260:\n IcedTea-Web should not rely on GTK o PR1157: Applets can\n hang browser after fatal exception.\n *\n\n Common\n\n o PR1049: Extension jnlp's signed jar with the\n content of only META-INF/* is considered o PR955:\n regression: SweetHome3D fails to run o PR1145: IcedTea-Web\n can cause ClassCircularityError o PR1161:\n X509VariableTrustManager does not work correctly with\n OpenJDK7 o PR822: Applets fail to load if jars have\n different signers o PR1186:\n System.getProperty("deployment.user.security.trusted.cacerts\n ") is null o PR909: The Java applet at\n <a rel=\"nofollow\" href=\"http://de.gosupermodel.com/games/wardrobegame.jsp\">http://de.gosupermodel.com/games/wardrobegame.jsp</a> fails o\n PR1299: WebStart doesn't read socket proxy settings from\n firefox correctly.\n *\n\n Added cs, de, pl localization\n\n * Splash screen for javaws and plugin\n * Better error reporting for plugin via\n Error-splash-screen\n * All IcedTea-Web dialogues are centered to middle of\n active screen\n * Download indicator made compact for more then one jar\n * User can select its own JVM via itw-settings and\n deploy.properties\n * Added extended applets security settings and dialogue\n * Added new option in itw-settings which allows users\n to set JVM arguments when plugin is initialized\n * Fixed a build failure with older xulrunner\n * Changed strict openjdk6 dependencies to anything\n java-openjdk >= 1.6.0.\n", "cvss3": {}, "published": "2013-07-10T19:04:21", "type": "suse", "title": "Security update for icedtea-web (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2013-1926", "CVE-2012-3423", "CVE-2013-1927"], "modified": "2013-07-10T19:04:21", "id": "SUSE-SU-2013:1174-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:29:26", "description": "This update of icedtea-web fixes several bugs and security\n issues.\n", "cvss3": {}, "published": "2013-05-31T19:04:15", "type": "suse", "title": "Security update for icedtea-web (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2013-1926", "CVE-2012-3423", "CVE-2013-1927"], "modified": "2013-05-31T19:04:15", "id": "SUSE-SU-2013:0851-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:29:41", "description": "This update of icedtea-web fixed multiple hewap buffer\n overflows.\n\n", "cvss3": {}, "published": "2012-08-13T09:08:35", "type": "suse", "title": "update for icedtea-web (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-08-13T09:08:35", "id": "OPENSUSE-SU-2012:0982-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:02", "description": "- update to 1.2.1 (bnc#773458)\n - Security Updates\n * CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location\n * CVE-2012-3423, RH841345: Incorrect handling of not\n 0-terminated strings\n - NetX\n * PR898: signed applications with big jnlp-file doesn't\n start (webstart affect like "frozen")\n * PR811: javaws is not handling urls with spaces (and\n other characters needing encoding) correctly\n * 816592: icedtea-web not loading GeoGebra java applets\n in Firefox or Chrome\n - Plugin\n * PR863: Error passing strings to applet methods in\n Chromium\n * PR895: IcedTea-Web searches for missing classes on each\n loadClass or findClass\n * PR518: NPString.utf8characters not guaranteed to be\n nul-terminated\n - Common\n * RH838417: Disambiguate signed applet security prompt\n from certificate warning\n * RH838559: Disambiguate signed applet security prompt\n from certificate warning\n\n", "cvss3": {}, "published": "2012-08-10T21:08:31", "type": "suse", "title": "icedtea-web: Update to 1.2.1 (bnc#) (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-08-10T21:08:31", "id": "OPENSUSE-SU-2012:0981-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:23", "description": "The icedtea-web Java browser plugin was updated to 1.2.1 to\n fix security issues and bugs.\n\n * CVE-2012-3422: Potential read from a uninitialized\n memory location has been fixed.\n * CVE-2012-3423: Incorrect handling of not-0 terminated\n strings has been fixed.\n", "cvss3": {}, "published": "2012-08-09T20:08:29", "type": "suse", "title": "Security update for icedtea-web (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-08-09T20:08:29", "id": "SUSE-SU-2012:0979-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T12:54:46", "description": "This update of icedtea-web fixes several bugs and security issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-02T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7742)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:icedtea-web", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ICEDTEA-WEB-130517.NASL", "href": "https://www.tenable.com/plugins/nessus/66741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66741);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\", \"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7742)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update of icedtea-web fixes several bugs and security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3423.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1926.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1927.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7742.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"icedtea-web-1.4-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"icedtea-web-1.4-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:36", "description": "Changes in icedtea-web with update to 1.4 (bnc#818768) :\n\n - Added cs, de, pl localization\n\n - Splash screen for javaws and plugin\n\n - Better error reporting for plugin via Error-splash-screen\n\n - All IcedTea-Web dialogues are centered to middle of active screen\n\n - Download indicator made compact for more then one jar\n\n - User can select its own JVM via itw-settings and deploy.properties.\n\n - Added extended applets security settings and dialogue\n\n - Security updates\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerabilit\n\n - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location\n\n - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings\n\n - NetX\n\n - PR1027: DownloadService is not supported by IcedTea-Web\n\n - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run\n\n - PR1292: Javaws does not resolve versioned jar names with periods correctly\n\n - Plugin\n\n - PR1106: Buffer overflow in plugin table-\n\n - PR1166: Embedded JNLP File is not supported in applet tag\n\n - PR1217: Add command line arguments for plugins\n\n - PR1189: Icedtea-plugin requires code attribute when using jnlp_href\n\n - PR1198: JSObject is not passed to JavaScript correctly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Common\n\n - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered\n\n - PR955: regression: SweetHome3D fails to run\n\n - PR1145: IcedTea-Web can cause ClassCircularityError\n\n - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7\n\n - PR822: Applets fail to load if jars have different signers\n\n - PR1186:\n System.getProperty('deployment.user.security.trusted.cac erts') is null\n\n - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails\n\n - PR1299: WebStart doesn't read socket proxy settings from firefox correctly", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0893-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-439.NASL", "href": "https://www.tenable.com/plugins/nessus/75010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-439.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75010);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\", \"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0893-1)\");\n script_summary(english:\"Check for the openSUSE-2013-439 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in icedtea-web with update to 1.4 (bnc#818768) :\n\n - Added cs, de, pl localization\n\n - Splash screen for javaws and plugin\n\n - Better error reporting for plugin via\n Error-splash-screen\n\n - All IcedTea-Web dialogues are centered to middle of\n active screen\n\n - Download indicator made compact for more then one jar\n\n - User can select its own JVM via itw-settings and\n deploy.properties.\n\n - Added extended applets security settings and dialogue\n\n - Security updates\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared\n for applets with same relative-path.\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerabilit\n\n - CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location\n\n - CVE-2012-3423, RH841345: Incorrect handling of not\n 0-terminated strings\n\n - NetX\n\n - PR1027: DownloadService is not supported by IcedTea-Web\n\n - PR725: JNLP applications will prompt for creating\n desktop shortcuts every time they are run\n\n - PR1292: Javaws does not resolve versioned jar names with\n periods correctly\n\n - Plugin\n\n - PR1106: Buffer overflow in plugin table-\n\n - PR1166: Embedded JNLP File is not supported in applet\n tag\n\n - PR1217: Add command line arguments for plugins\n\n - PR1189: Icedtea-plugin requires code attribute when\n using jnlp_href\n\n - PR1198: JSObject is not passed to JavaScript correctly\n\n - PR1260: IcedTea-Web should not rely on GTK\n\n - PR1157: Applets can hang browser after fatal exception\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Common\n\n - PR1049: Extension jnlp's signed jar with the content of\n only META-INF/* is considered\n\n - PR955: regression: SweetHome3D fails to run\n\n - PR1145: IcedTea-Web can cause ClassCircularityError\n\n - PR1161: X509VariableTrustManager does not work correctly\n with OpenJDK7\n\n - PR822: Applets fail to load if jars have different\n signers\n\n - PR1186:\n System.getProperty('deployment.user.security.trusted.cac\n erts') is null\n\n - PR909: The Java applet at\n http://de.gosupermodel.com/games/wardrobegame.jsp fails\n\n - PR1299: WebStart doesn't read socket proxy settings from\n firefox correctly\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://de.gosupermodel.com/games/wardrobegame.jsp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-1.4-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-debuginfo-1.4-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-debugsource-1.4-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-javadoc-1.4-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-1.4-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-debuginfo-1.4-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-debugsource-1.4-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-javadoc-1.4-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:34", "description": "Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "RHEL 6 : icedtea-web (RHSA-2012:1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:icedtea-web", "p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo", "p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3"], "id": "REDHAT-RHSA-2012-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/61378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1132. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61378);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name:\"RHSA\", value:\"2012:1132\");\n\n script_name(english:\"RHEL 6 : icedtea-web (RHSA-2012:1132)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web\nplug-in. Visiting a malicious web page could possibly cause a web\nbrowser using the IcedTea-Web plug-in to crash, disclose a portion of\nits memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings,\nvisiting a web page containing a Java applet could possibly cause the\nbrowser to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the\nCVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3422\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-web, icedtea-web-debuginfo and / or\nicedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1132\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-1.2.1-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-1.2.1-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-debuginfo-1.2.1-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-debuginfo-1.2.1-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-javadoc-1.2.1-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-javadoc-1.2.1-1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-javadoc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:34", "description": "Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. (CVE-2012-3422)\n\nSteven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. (CVE-2012-3423).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : icedtea-web vulnerabilities (USN-1521-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-plugin", "p-cpe:/a:canonical:ubuntu_linux:icedtea-7-plugin", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1521-1.NASL", "href": "https://www.tenable.com/plugins/nessus/61380", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1521-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61380);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name:\"USN\", value:\"1521-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : icedtea-web vulnerabilities (USN-1521-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chamal De Silva discovered that the IcedTea-Web Java web browser\nplugin could dereference an uninitialized pointer. A remote attacker\ncould use this to craft a malicious web page that could cause a denial\nof service by crashing the web browser or possibly execute arbitrary\ncode. (CVE-2012-3422)\n\nSteven Bergom and others discovered that the IcedTea-Web Java web\nbrowser plugin assumed that all strings provided by browsers are NULL\nterminated, which is not guaranteed by the NPAPI (Netscape Plugin\nApplication Programming Interface). A remote attacker could use this\nto craft a malicious Java applet that could cause a denial of service\nby crashing the web browser, expose sensitive information or possibly\nexecute arbitrary code. (CVE-2012-3423).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1521-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-6-plugin and / or icedtea-7-plugin\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-plugin\", pkgver:\"1.2-2ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"icedtea-6-plugin\", pkgver:\"1.2-2ubuntu0.11.04.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-plugin\", pkgver:\"1.2-2ubuntu0.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-plugin\", pkgver:\"1.2-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-7-plugin\", pkgver:\"1.2-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-plugin / icedtea-7-plugin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:59", "description": "- update to 1.2.1 (bnc#773458)\n\n - Security Updates\n\n - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location\n\n - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings\n\n - NetX\n\n - PR898: signed applications with big jnlp-file doesn't start (webstart affect like 'frozen')\n\n - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly\n\n - 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome\n\n - Plugin\n\n - PR863: Error passing strings to applet methods in Chromium\n\n - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass\n\n - PR518: NPString.utf8characters not guaranteed to be nul-terminated\n\n - Common\n\n - RH838417: Disambiguate signed applet security prompt from certificate warning\n\n - RH838559: Disambiguate signed applet security prompt from certificate warning", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0981-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-512.NASL", "href": "https://www.tenable.com/plugins/nessus/74711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-512.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74711);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0981-1)\");\n script_summary(english:\"Check for the openSUSE-2012-512 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.2.1 (bnc#773458)\n\n - Security Updates\n\n - CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location\n\n - CVE-2012-3423, RH841345: Incorrect handling of not\n 0-terminated strings\n\n - NetX\n\n - PR898: signed applications with big jnlp-file doesn't\n start (webstart affect like 'frozen')\n\n - PR811: javaws is not handling urls with spaces (and\n other characters needing encoding) correctly\n\n - 816592: icedtea-web not loading GeoGebra java applets in\n Firefox or Chrome\n\n - Plugin\n\n - PR863: Error passing strings to applet methods in\n Chromium\n\n - PR895: IcedTea-Web searches for missing classes on each\n loadClass or findClass\n\n - PR518: NPString.utf8characters not guaranteed to be\n nul-terminated\n\n - Common\n\n - RH838417: Disambiguate signed applet security prompt\n from certificate warning\n\n - RH838559: Disambiguate signed applet security prompt\n from certificate warning\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-1.2.1-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debuginfo-1.2.1-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debugsource-1.2.1-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-javadoc-1.2.1-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:49", "description": "From Red Hat Security Advisory 2012:1132 :\n\nUpdated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : icedtea-web (ELSA-2012-1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:icedtea-web", "p-cpe:/a:oracle:linux:icedtea-web-javadoc", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/68590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1132 and \n# Oracle Linux Security Advisory ELSA-2012-1132 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68590);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name:\"RHSA\", value:\"2012:1132\");\n\n script_name(english:\"Oracle Linux 6 : icedtea-web (ELSA-2012-1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1132 :\n\nUpdated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web\nplug-in. Visiting a malicious web page could possibly cause a web\nbrowser using the IcedTea-Web plug-in to crash, disclose a portion of\nits memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings,\nvisiting a web page containing a Java applet could possibly cause the\nbrowser to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the\nCVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002965.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-1.2.1-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-javadoc-1.2.1-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:21", "description": "The icedtea-web Java browser plugin was updated to 1.2.1 to fix security issues and bugs.\n\n - Potential read from a uninitialized memory location has been fixed. (CVE-2012-3422)\n\n - Incorrect handling of not-0 terminated strings has been fixed. (CVE-2012-3423)", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 / 11.2 Security Update : icedtea-web (SAT Patch Numbers 6621 / 6626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:icedtea-web", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ICEDTEA-WEB-120802.NASL", "href": "https://www.tenable.com/plugins/nessus/64155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64155);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n\n script_name(english:\"SuSE 11.1 / 11.2 Security Update : icedtea-web (SAT Patch Numbers 6621 / 6626)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The icedtea-web Java browser plugin was updated to 1.2.1 to fix\nsecurity issues and bugs.\n\n - Potential read from a uninitialized memory location has\n been fixed. (CVE-2012-3422)\n\n - Incorrect handling of not-0 terminated strings has been\n fixed. (CVE-2012-3423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3423.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 6621 / 6626 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"icedtea-web-1.2.1-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"icedtea-web-1.2.1-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"icedtea-web-1.2.1-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"icedtea-web-1.2.1-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:44", "description": "Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 6 : icedtea-web (CESA-2012:1132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:icedtea-web", "p-cpe:/a:centos:centos:icedtea-web-javadoc", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/67094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1132 and \n# CentOS Errata and Security Advisory 2012:1132 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67094);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name:\"RHSA\", value:\"2012:1132\");\n\n script_name(english:\"CentOS 6 : icedtea-web (CESA-2012:1132)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web\nplug-in. Visiting a malicious web page could possibly cause a web\nbrowser using the IcedTea-Web plug-in to crash, disclose a portion of\nits memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings,\nvisiting a web page containing a Java applet could possibly cause the\nbrowser to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the\nCVE-2012-3422 issue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018778.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5105b43\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3423\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"icedtea-web-1.2.1-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"icedtea-web-javadoc-1.2.1-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:16", "description": "Multiple vulnerabilities has been discovered and corrected in icedtea-web :\n\nAn uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code (CVE-2012-3422).\n\nIt was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution (CVE-2012-3423).\n\nThe updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : icedtea-web (MDVSA-2012:122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:icedtea-web", "p-cpe:/a:mandriva:linux:icedtea-web-javadoc", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-122.NASL", "href": "https://www.tenable.com/plugins/nessus/61972", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:122. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61972);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_bugtraq_id(54762);\n script_xref(name:\"MDVSA\", value:\"2012:122\");\n\n script_name(english:\"Mandriva Linux Security Advisory : icedtea-web (MDVSA-2012:122)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\nicedtea-web :\n\nAn uninitialized pointer use flaw was found in IcedTea-Web web browser\nplugin. A malicious web page could use this flaw make IcedTea-Web\nbrowser plugin pass invalid pointer to a web browser. Depending on the\nbrowser used, it may cause the browser to crash or possibly execute\narbitrary code (CVE-2012-3422).\n\nIt was discovered that the IcedTea-Web web browser plugin incorrectly\nassumed that all strings provided by browser are NUL terminated, which\nis not guaranteed by the NPAPI (Netscape Plugin Application\nProgramming Interface). When used in a browser that does not NUL\nterminate NPVariant NPStrings, this could lead to buffer over-read or\nover-write, resulting in possible information leak, crash, or code\nexecution (CVE-2012-3423).\n\nThe updated packages have been upgraded to the 1.1.6 version which is\nnot affected by these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web and / or icedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"icedtea-web-1.1.6-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"icedtea-web-javadoc-1.1.6-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:51", "description": "The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code. (CVE-2012-3423)\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-03T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64 (20120731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:icedtea-web", "p-cpe:/a:fermilab:scientific_linux:icedtea-web-debuginfo", "p-cpe:/a:fermilab:scientific_linux:icedtea-web-javadoc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120731_ICEDTEA_WEB_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61406);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n\n script_name(english:\"Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64 (20120731)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web\nplug-in. Visiting a malicious web page could possibly cause a web\nbrowser using the IcedTea-Web plug-in to crash, disclose a portion of\nits memory, or execute arbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings,\nvisiting a web page containing a Java applet could possibly cause the\nbrowser to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3423)\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?791f8840\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-web, icedtea-web-debuginfo and / or\nicedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-1.2.1-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-debuginfo-1.2.1-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-javadoc-1.2.1-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:02", "description": "This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla, it fixes rhbz#720836. Additionally, it provides numerous other bug fixes and enhancements, many of which are listed here :\n\nhttps://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "Fedora 17 : icedtea-web-1.3-1.fc17 (2012-14316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-14316.NASL", "href": "https://www.tenable.com/plugins/nessus/62232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14316.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62232);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_bugtraq_id(54762);\n script_xref(name:\"FEDORA\", value:\"2012-14316\");\n\n script_name(english:\"Fedora 17 : icedtea-web-1.3-1.fc17 (2012-14316)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla,\nit fixes rhbz#720836. Additionally, it provides numerous other bug\nfixes and enhancements, many of which are listed here :\n\nhttps://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=840592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=841345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/087631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6dcabfb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"icedtea-web-1.3-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:53", "description": "This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla, it fixes rhbz#720836. Additionally, it provides numerous other bug fixes and enhancements, many of which are listed here :\n\nhttps://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-26T00:00:00", "type": "nessus", "title": "Fedora 18 : icedtea-web-1.3-1.fc18 (2012-14370)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2012-14370.NASL", "href": "https://www.tenable.com/plugins/nessus/62296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-14370.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62296);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_bugtraq_id(54762);\n script_xref(name:\"FEDORA\", value:\"2012-14370\");\n\n script_name(english:\"Fedora 18 : icedtea-web-1.3-1.fc18 (2012-14370)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IcedTea-Web 1.3 to Fedora. From Red Hat Bugzilla,\nit fixes rhbz#720836. Additionally, it provides numerous other bug\nfixes and enhancements, many of which are listed here :\n\nhttps://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\n - Updated to 1.2.1\n\n - Resolves: RH840592/CVE-2012-3422\n\n - Resolves: RH841345/CVE-2012-3423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=840592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=841345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dbhole.wordpress.com/2012/09/05/icedtea-web-1-3-released/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088090.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f111f589\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"icedtea-web-1.3-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:29", "description": "The IcedTea project team reports :\n\nCVE-2012-3422: Use of uninitialized instance pointers\n\nAn uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code.\n\nThe get_cookie_info() and get_proxy_info() call getFirstInTableInstance() with the instance_to_id_map hash as a parameter. If instance_to_id_map is empty (which can happen when plugin was recently removed), getFirstInTableInstance() returns an uninitialized pointer.\n\nCVE-2012-3423: Incorrect handling of non 0-terminated strings\n\nIt was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution.\n\nMozilla browsers currently NUL terminate strings, however recent Chrome versions are known not to provide NUL terminated data.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-14T00:00:00", "type": "nessus", "title": "FreeBSD : Several vulnerabilities found in IcedTea-Web (55b498e2-e56c-11e1-bbd5-001c25e46b1d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:icedtea-web", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_55B498E2E56C11E1BBD5001C25E46B1D.NASL", "href": "https://www.tenable.com/plugins/nessus/61522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61522);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n\n script_name(english:\"FreeBSD : Several vulnerabilities found in IcedTea-Web (55b498e2-e56c-11e1-bbd5-001c25e46b1d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The IcedTea project team reports :\n\nCVE-2012-3422: Use of uninitialized instance pointers\n\nAn uninitialized pointer use flaw was found in IcedTea-Web web browser\nplugin. A malicious web page could use this flaw make IcedTea-Web\nbrowser plugin pass invalid pointer to a web browser. Depending on the\nbrowser used, it may cause the browser to crash or possibly execute\narbitrary code.\n\nThe get_cookie_info() and get_proxy_info() call\ngetFirstInTableInstance() with the instance_to_id_map hash as a\nparameter. If instance_to_id_map is empty (which can happen when\nplugin was recently removed), getFirstInTableInstance() returns an\nuninitialized pointer.\n\nCVE-2012-3423: Incorrect handling of non 0-terminated strings\n\nIt was discovered that the IcedTea-Web web browser plugin incorrectly\nassumed that all strings provided by browser are NUL terminated, which\nis not guaranteed by the NPAPI (Netscape Plugin Application\nProgramming Interface). When used in a browser that does not NUL\nterminate NPVariant NPStrings, this could lead to buffer over-read or\nover-write, resulting in possible information leak, crash, or code\nexecution.\n\nMozilla browsers currently NUL terminate strings, however recent\nChrome versions are known not to provide NUL terminated data.\"\n );\n # http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f9c1f1b\"\n );\n # https://vuxml.freebsd.org/freebsd/55b498e2-e56c-11e1-bbd5-001c25e46b1d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?890ac3b4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icedtea-web<1.2.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:46", "description": "This update of icedtea-web fixed multiple hewap buffer overflows.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0982-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-513.NASL", "href": "https://www.tenable.com/plugins/nessus/74712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74712);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0982-1)\");\n script_summary(english:\"Check for the openSUSE-2012-513 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"This update of icedtea-web fixed multiple hewap buffer overflows.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=773458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-1.2.1-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debuginfo-1.2.1-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debugsource-1.2.1-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-javadoc-1.2.1-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:55", "description": "From Red Hat Security Advisory 2013:0753 :\n\nUpdated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : icedtea-web (ELSA-2013-0753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:icedtea-web", "p-cpe:/a:oracle:linux:icedtea-web-javadoc", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-0753.NASL", "href": "https://www.tenable.com/plugins/nessus/68813", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0753 and \n# Oracle Linux Security Advisory ELSA-2013-0753 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68813);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_bugtraq_id(59281, 59286);\n script_xref(name:\"RHSA\", value:\"2013:0753\");\n\n script_name(english:\"Oracle Linux 6 : icedtea-web (ELSA-2013-0753)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0753 :\n\nUpdated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the\nsame class loader instance for applets with the same value of the\ncodebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and\npossibly manipulate applets from different domains currently running\nin the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the\ndownloaded Java Archive (JAR) files. This could cause the plug-in to\nexecute code hidden in a file in a different format, possibly allowing\nattackers to execute code in the context of websites that allow\nuploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat\nOpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security\nResponse Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-April/003415.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-1.2.3-2.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"icedtea-web-javadoc-1.2.3-2.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:20", "description": "Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances.\n(CVE-2013-1927).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-19T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-netx", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-1804-1.NASL", "href": "https://www.tenable.com/plugins/nessus/66032", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1804-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66032);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_xref(name:\"USN\", value:\"1804-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jiri Vanek discovered that IcedTea-Web would use the same classloader\nfor applets from different domains. A remote attacker could exploit\nthis to expose sensitive information or potentially manipulate applets\nfrom other domains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify JAR files\nand was susceptible to the GIFAR attack. If a user were tricked into\nopening a malicious website, a remote attacker could potentially\nexploit this to execute code under certain circumstances.\n(CVE-2013-1927).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1804-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-netx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-netx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-netx\", pkgver:\"1.2.3-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-netx\", pkgver:\"1.2.3-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-netx\", pkgver:\"1.2.3-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-netx\", pkgver:\"1.3.2-1ubuntu0.12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-netx\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:40", "description": "- update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception\n\n - Add icedtea-web-remove-gtk-dep.patch, build icedtea-web without GTK. Plugin now works in both gtk2 and gtk3 based browsers.\n\n - limit the provides/obsoletes to architectures, where\n -plugin package existed and don't pollute shiny new arm with an old garbage\n\n - handle the package renaming on arm properly", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0715-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-371.NASL", "href": "https://www.tenable.com/plugins/nessus/74979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-371.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74979);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0715-1)\");\n script_summary(english:\"Check for the openSUSE-2013-371 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared\n for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes\n icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception\n\n - Add icedtea-web-remove-gtk-dep.patch, build icedtea-web\n without GTK. Plugin now works in both gtk2 and gtk3\n based browsers.\n\n - limit the provides/obsoletes to architectures, where\n -plugin package existed and don't pollute shiny new arm\n with an old garbage\n\n - handle the package renaming on arm properly\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-1.3.2-1.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-debuginfo-1.3.2-1.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-debugsource-1.3.2-1.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"icedtea-web-javadoc-1.3.2-1.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:25", "description": "USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTead 7 browser plugin.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. (CVE-2013-1927).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-24T00:00:00", "type": "nessus", "title": "Ubuntu 11.10 / 12.04 LTS : icedtea-web regression (USN-1804-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-7-plugin", "p-cpe:/a:canonical:ubuntu_linux:icedtea-netx", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1804-2.NASL", "href": "https://www.tenable.com/plugins/nessus/66199", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1804-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66199);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_bugtraq_id(59281, 59286);\n script_xref(name:\"USN\", value:\"1804-2\");\n\n script_name(english:\"Ubuntu 11.10 / 12.04 LTS : icedtea-web regression (USN-1804-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update\nintroduced a regression with the Java Network Launching Protocol\n(JNLP) when fetching content over SSL under certain configurations,\nsuch as when using the community-supported IcedTead 7 browser plugin.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJiri Vanek discovered that IcedTea-Web would use the same classloader\nfor applets from different domains. A remote attacker could exploit\nthis to expose sensitive information or potentially manipulate applets\nfrom other domains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify\nJAR files and was susceptible to the GIFAR attack. If a user\nwere tricked into opening a malicious website, a remote\nattacker could potentially exploit this to execute code\nunder certain circumstances. (CVE-2013-1927).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1804-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-7-plugin and / or icedtea-netx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-netx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-netx\", pkgver:\"1.2.3-0ubuntu0.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-7-plugin\", pkgver:\"1.2.3-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-netx\", pkgver:\"1.2.3-0ubuntu0.12.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-7-plugin / icedtea-netx\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:19:18", "description": "- Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exceptio\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-04-20T00:00:00", "type": "nessus", "title": "Fedora 17 : icedtea-web-1.3.2-0.fc17 (2013-5925)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-5925.NASL", "href": "https://www.tenable.com/plugins/nessus/66039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5925.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66039);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-5925\");\n\n script_name(english:\"Fedora 17 : icedtea-web-1.3.2-0.fc17 (2013-5925)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly\n shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK\n PR1157: Applets can hang browser after fatal exceptio\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/102100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c80443f7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"icedtea-web-1.3.2-0.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T18:20:36", "description": "New in release 1.3.2 (2013-04-17) :\n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-26T00:00:00", "type": "nessus", "title": "Fedora 19 : icedtea-web-1.3.2-0.fc19 (2013-5877)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-5877.NASL", "href": "https://www.tenable.com/plugins/nessus/66220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5877.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66220);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(59281, 59286);\n script_xref(name:\"FEDORA\", value:\"2013-5877\");\n\n script_name(english:\"Fedora 19 : icedtea-web-1.3.2-0.fc19 (2013-5877)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New in release 1.3.2 (2013-04-17) :\n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly\n shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK\n PR1157: Applets can hang browser after fatal exception\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/103617.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?924a8ca6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"icedtea-web-1.3.2-0.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-27T18:20:07", "description": "New in release 1.3.2 (2013-04-17) :\n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK PR1157: Applets can hang browser after fatal exception\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-04-18T00:00:00", "type": "nessus", "title": "Fedora 18 : icedtea-web-1.3.2-0.fc18 (2013-5962)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:icedtea-web", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-5962.NASL", "href": "https://www.tenable.com/plugins/nessus/66011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5962.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66011);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-5962\");\n\n script_name(english:\"Fedora 18 : icedtea-web-1.3.2-0.fc18 (2013-5962)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New in release 1.3.2 (2013-04-17) :\n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly\n shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin PR1260: IcedTea-Web should not rely on GTK\n PR1157: Applets can hang browser after fatal exception\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/102069.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aff0e944\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"icedtea-web-1.3.2-0.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:55:14", "description": "It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3.\n\nWeb browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64 (20130417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:icedtea-web", "p-cpe:/a:fermilab:scientific_linux:icedtea-web-debuginfo", "p-cpe:/a:fermilab:scientific_linux:icedtea-web-javadoc", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130417_ICEDTEA_WEB_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66017);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64 (20130417)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the IcedTea-Web plug-in incorrectly used the\nsame class loader instance for applets with the same value of the\ncodebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and\npossibly manipulate applets from different domains currently running\nin the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the\ndownloaded Java Archive (JAR) files. This could cause the plug-in to\nexecute code hidden in a file in a different format, possibly allowing\nattackers to execute code in the context of websites that allow\nuploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3.\n\nWeb browsers using the IcedTea-Web browser plug-in must be restarted\nfor this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1304&L=scientific-linux-errata&T=0&P=1839\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5dcd806\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-web, icedtea-web-debuginfo and / or\nicedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-1.2.3-2.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-debuginfo-1.2.3-2.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"icedtea-web-javadoc-1.2.3-2.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:40", "description": "- update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0735-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2013-372.NASL", "href": "https://www.tenable.com/plugins/nessus/74980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-372.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74980);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0735-1)\");\n script_summary(english:\"Check for the openSUSE-2013-372 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared\n for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes\n icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-1.3.2-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debuginfo-1.3.2-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-debugsource-1.3.2-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"icedtea-web-javadoc-1.3.2-22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:13", "description": "Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-18T00:00:00", "type": "nessus", "title": "CentOS 6 : icedtea-web (CESA-2013:0753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:icedtea-web", "p-cpe:/a:centos:centos:icedtea-web-javadoc", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-0753.NASL", "href": "https://www.tenable.com/plugins/nessus/66003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0753 and \n# CentOS Errata and Security Advisory 2013:0753 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66003);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_bugtraq_id(59281, 59286);\n script_xref(name:\"RHSA\", value:\"2013:0753\");\n\n script_name(english:\"CentOS 6 : icedtea-web (CESA-2013:0753)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the\nsame class loader instance for applets with the same value of the\ncodebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and\npossibly manipulate applets from different domains currently running\nin the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the\ndownloaded Java Archive (JAR) files. This could cause the plug-in to\nexecute code hidden in a file in a different format, possibly allowing\nattackers to execute code in the context of websites that allow\nuploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat\nOpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security\nResponse Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-April/019694.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45ef4519\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1927\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"icedtea-web-1.2.3-2.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"icedtea-web-javadoc-1.2.3-2.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-javadoc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:23", "description": "Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive (JAR) files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of websites that allow uploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security Response Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which resolve these issues. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-04-18T00:00:00", "type": "nessus", "title": "RHEL 6 : icedtea-web (RHSA-2013:0753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:icedtea-web", "p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo", "p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2013-0753.NASL", "href": "https://www.tenable.com/plugins/nessus/66015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0753. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66015);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_bugtraq_id(59281, 59286);\n script_xref(name:\"RHSA\", value:\"2013:0753\");\n\n script_name(english:\"RHEL 6 : icedtea-web (RHSA-2013:0753)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icedtea-web packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project.\nIt also contains a configuration tool for managing deployment settings\nfor the plug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the\nsame class loader instance for applets with the same value of the\ncodebase attribute, even when they originated from different domains.\nA malicious applet could use this flaw to gain information about and\npossibly manipulate applets from different domains currently running\nin the browser. (CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the\ndownloaded Java Archive (JAR) files. This could cause the plug-in to\nexecute code hidden in a file in a different format, possibly allowing\nattackers to execute code in the context of websites that allow\nuploads of specific file types, known as a GIFAR attack.\n(CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat\nOpenJDK Team, and CVE-2013-1927 was discovered by the Red Hat Security\nResponse Team.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the\nNEWS file, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser\nplug-in must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected icedtea-web, icedtea-web-debuginfo and / or\nicedtea-web-javadoc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0753\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-1.2.3-2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-1.2.3-2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-debuginfo-1.2.3-2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-debuginfo-1.2.3-2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"icedtea-web-javadoc-1.2.3-2.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"icedtea-web-javadoc-1.2.3-2.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-javadoc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:58", "description": "This update to version 1.3.2 fixes several security updates and common fixes. (bnc#815596)\n\nSecurity Updates\n\n - fixed gifar vulnerability. (CVE-2013-1927)\n\n - Class-loader incorrectly shared for applets with same relative-path. Common. (CVE-2013-1926)\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception", "cvss3": {"score": null, "vector": null}, "published": "2013-04-29T00:00:00", "type": "nessus", "title": "SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:icedtea-web", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ICEDTEA-WEB-130419.NASL", "href": "https://www.tenable.com/plugins/nessus/66253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66253);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to version 1.3.2 fixes several security updates and common\nfixes. (bnc#815596)\n\nSecurity Updates\n\n - fixed gifar vulnerability. (CVE-2013-1927)\n\n - Class-loader incorrectly shared for applets with same\n relative-path. Common. (CVE-2013-1926)\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized. NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes\n icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1926.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1927.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7642.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"icedtea-web-1.3.2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"icedtea-web-1.3.2-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:59", "description": "- update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:icedtea-web", "p-cpe:/a:novell:opensuse:icedtea-web-debuginfo", "p-cpe:/a:novell:opensuse:icedtea-web-debugsource", "p-cpe:/a:novell:opensuse:icedtea-web-javadoc", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-373.NASL", "href": "https://www.tenable.com/plugins/nessus/74981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-373.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74981);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n\n script_name(english:\"openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)\");\n script_summary(english:\"Check for the openSUSE-2013-373 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.3.2 (bnc#815596) \n\n - Security Updates\n\n - CVE-2013-1927, RH884705: fixed gifar vulnerability\n\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared\n for applets with same relative-path.\n\n - Common\n\n - Added new option in itw-settings which allows users to\n set JVM arguments when plugin is initialized.\n\n - NetX\n\n - PR580: http://www.horaoficial.cl/ loads improperly\n\n - Plugin\n\n - PR1260: IcedTea-Web should not rely on GTK obsoletes\n icedtea-web-remove-gtk-dep.patch\n\n - PR1157: Applets can hang browser after fatal exception\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.horaoficial.cl/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=815596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icedtea-web packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icedtea-web-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-1.3.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-debuginfo-1.3.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-debugsource-1.3.2-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icedtea-web-javadoc-1.3.2-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-web / icedtea-web-debuginfo / icedtea-web-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:06:20", "description": "The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-30T00:00:00", "type": "nessus", "title": "GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3555", "CVE-2010-2548", "CVE-2010-2783", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3557", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3564", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3860", "CVE-2010-4351", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4467", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560", "CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0424", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0547", "CVE-2012-1711", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1723", "CVE-2012-1724", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3216", "CVE-2012-3422", "CVE-2012-3423", "CVE-2012-4416", "CVE-2012-4540", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0401", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1488", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1557", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2415", "CVE-2013-2417", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2423", "CVE-2013-2424", "CVE-2013-2426", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2436", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5805", "CVE-2013-5806", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2022-03-29T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:icedtea-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201406-32.NASL", "href": "https://www.tenable.com/plugins/nessus/76303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-32.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76303);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-2548\",\n \"CVE-2010-2783\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3557\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3564\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3860\",\n \"CVE-2010-4351\",\n \"CVE-2010-4448\",\n \"CVE-2010-4450\",\n \"CVE-2010-4465\",\n \"CVE-2010-4467\",\n \"CVE-2010-4469\",\n \"CVE-2010-4470\",\n \"CVE-2010-4471\",\n \"CVE-2010-4472\",\n \"CVE-2010-4476\",\n \"CVE-2011-0025\",\n \"CVE-2011-0706\",\n \"CVE-2011-0815\",\n \"CVE-2011-0822\",\n \"CVE-2011-0862\",\n \"CVE-2011-0864\",\n \"CVE-2011-0865\",\n \"CVE-2011-0868\",\n \"CVE-2011-0869\",\n \"CVE-2011-0870\",\n \"CVE-2011-0871\",\n \"CVE-2011-0872\",\n \"CVE-2011-3389\",\n \"CVE-2011-3521\",\n \"CVE-2011-3544\",\n \"CVE-2011-3547\",\n \"CVE-2011-3548\",\n \"CVE-2011-3551\",\n \"CVE-2011-3552\",\n \"CVE-2011-3553\",\n \"CVE-2011-3554\",\n \"CVE-2011-3556\",\n \"CVE-2011-3557\",\n \"CVE-2011-3558\",\n \"CVE-2011-3560\",\n \"CVE-2011-3563\",\n \"CVE-2011-3571\",\n \"CVE-2011-5035\",\n \"CVE-2012-0424\",\n \"CVE-2012-0497\",\n \"CVE-2012-0501\",\n \"CVE-2012-0502\",\n \"CVE-2012-0503\",\n \"CVE-2012-0505\",\n \"CVE-2012-0506\",\n \"CVE-2012-0547\",\n \"CVE-2012-1711\",\n \"CVE-2012-1713\",\n \"CVE-2012-1716\",\n \"CVE-2012-1717\",\n \"CVE-2012-1718\",\n \"CVE-2012-1719\",\n \"CVE-2012-1723\",\n \"CVE-2012-1724\",\n \"CVE-2012-1725\",\n \"CVE-2012-1726\",\n \"CVE-2012-3216\",\n \"CVE-2012-3422\",\n \"CVE-2012-3423\",\n \"CVE-2012-4416\",\n \"CVE-2012-4540\",\n \"CVE-2012-5068\",\n \"CVE-2012-5069\",\n \"CVE-2012-5070\",\n \"CVE-2012-5071\",\n \"CVE-2012-5072\",\n \"CVE-2012-5073\",\n \"CVE-2012-5074\",\n \"CVE-2012-5075\",\n \"CVE-2012-5076\",\n \"CVE-2012-5077\",\n \"CVE-2012-5079\",\n \"CVE-2012-5081\",\n \"CVE-2012-5084\",\n \"CVE-2012-5085\",\n \"CVE-2012-5086\",\n \"CVE-2012-5087\",\n \"CVE-2012-5089\",\n \"CVE-2013-0169\",\n \"CVE-2013-0401\",\n \"CVE-2013-0425\",\n \"CVE-2013-0426\",\n \"CVE-2013-0427\",\n \"CVE-2013-0428\",\n \"CVE-2013-0429\",\n \"CVE-2013-0431\",\n \"CVE-2013-0432\",\n \"CVE-2013-0433\",\n \"CVE-2013-0434\",\n \"CVE-2013-0435\",\n \"CVE-2013-0440\",\n \"CVE-2013-0441\",\n \"CVE-2013-0442\",\n \"CVE-2013-0443\",\n \"CVE-2013-0444\",\n \"CVE-2013-0450\",\n \"CVE-2013-0809\",\n \"CVE-2013-1475\",\n \"CVE-2013-1476\",\n \"CVE-2013-1478\",\n \"CVE-2013-1480\",\n \"CVE-2013-1484\",\n \"CVE-2013-1485\",\n \"CVE-2013-1486\",\n \"CVE-2013-1488\",\n \"CVE-2013-1493\",\n \"CVE-2013-1500\",\n \"CVE-2013-1518\",\n \"CVE-2013-1537\",\n \"CVE-2013-1557\",\n \"CVE-2013-1569\",\n \"CVE-2013-1571\",\n \"CVE-2013-2383\",\n \"CVE-2013-2384\",\n \"CVE-2013-2407\",\n \"CVE-2013-2412\",\n \"CVE-2013-2415\",\n \"CVE-2013-2417\",\n \"CVE-2013-2419\",\n \"CVE-2013-2420\",\n \"CVE-2013-2421\",\n \"CVE-2013-2422\",\n \"CVE-2013-2423\",\n \"CVE-2013-2424\",\n \"CVE-2013-2426\",\n \"CVE-2013-2429\",\n \"CVE-2013-2430\",\n \"CVE-2013-2431\",\n \"CVE-2013-2436\",\n \"CVE-2013-2443\",\n \"CVE-2013-2444\",\n \"CVE-2013-2445\",\n \"CVE-2013-2446\",\n \"CVE-2013-2447\",\n \"CVE-2013-2448\",\n \"CVE-2013-2449\",\n \"CVE-2013-2450\",\n \"CVE-2013-2451\",\n \"CVE-2013-2452\",\n \"CVE-2013-2453\",\n \"CVE-2013-2454\",\n \"CVE-2013-2455\",\n \"CVE-2013-2456\",\n \"CVE-2013-2457\",\n \"CVE-2013-2458\",\n \"CVE-2013-2459\",\n \"CVE-2013-2460\",\n \"CVE-2013-2461\",\n \"CVE-2013-2463\",\n \"CVE-2013-2465\",\n \"CVE-2013-2469\",\n \"CVE-2013-2470\",\n \"CVE-2013-2471\",\n \"CVE-2013-2472\",\n \"CVE-2013-2473\",\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5800\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5805\",\n \"CVE-2013-5806\",\n \"CVE-2013-5809\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\",\n \"CVE-2013-5851\",\n \"CVE-2013-6629\",\n \"CVE-2013-6954\",\n \"CVE-2014-0429\",\n \"CVE-2014-0446\",\n \"CVE-2014-0451\",\n \"CVE-2014-0452\",\n \"CVE-2014-0453\",\n \"CVE-2014-0456\",\n \"CVE-2014-0457\",\n \"CVE-2014-0458\",\n \"CVE-2014-0459\",\n \"CVE-2014-0460\",\n \"CVE-2014-0461\",\n \"CVE-2014-1876\",\n \"CVE-2014-2397\",\n \"CVE-2014-2398\",\n \"CVE-2014-2403\",\n \"CVE-2014-2412\",\n \"CVE-2014-2414\",\n \"CVE-2014-2421\",\n \"CVE-2014-2423\",\n \"CVE-2014-2427\"\n );\n script_bugtraq_id(\n 36935,\n 42476,\n 43963,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44027,\n 44028,\n 44032,\n 44035,\n 45114,\n 45894,\n 46091,\n 46110,\n 46387,\n 46395,\n 46397,\n 46398,\n 46399,\n 46400,\n 46404,\n 46406,\n 46439,\n 48137,\n 48139,\n 48140,\n 48141,\n 48142,\n 48143,\n 48146,\n 48147,\n 49388,\n 49778,\n 50211,\n 50215,\n 50216,\n 50218,\n 50224,\n 50231,\n 50234,\n 50236,\n 50242,\n 50243,\n 50246,\n 50248,\n 51194,\n 51467,\n 52009,\n 52011,\n 52012,\n 52013,\n 52014,\n 52017,\n 52018,\n 53946,\n 53947,\n 53948,\n 53949,\n 53950,\n 53951,\n 53952,\n 53954,\n 53958,\n 53960,\n 54762,\n 55339,\n 55501,\n 56039,\n 56043,\n 56054,\n 56056,\n 56058,\n 56059,\n 56061,\n 56063,\n 56065,\n 56067,\n 56071,\n 56075,\n 56076,\n 56079,\n 56080,\n 56081,\n 56083,\n 56434,\n 57686,\n 57687,\n 57691,\n 57692,\n 57694,\n 57696,\n 57701,\n 57702,\n 57703,\n 57709,\n 57710,\n 57711,\n 57712,\n 57713,\n 57719,\n 57724,\n 57726,\n 57727,\n 57729,\n 57730,\n 57778,\n 58027,\n 58028,\n 58029,\n 58238,\n 58296,\n 58504,\n 58507,\n 59131,\n 59141,\n 59153,\n 59159,\n 59162,\n 59165,\n 59166,\n 59167,\n 59170,\n 59179,\n 59184,\n 59187,\n 59190,\n 59194,\n 59206,\n 59212,\n 59213,\n 59228,\n 59243,\n 60617,\n 60618,\n 60619,\n 60620,\n 60622,\n 60623,\n 60625,\n 60627,\n 60629,\n 60632,\n 60633,\n 60634,\n 60635,\n 60638,\n 60639,\n 60640,\n 60641,\n 60644,\n 60645,\n 60646,\n 60647,\n 60650,\n 60651,\n 60652,\n 60653,\n 60655,\n 60656,\n 60657,\n 60658,\n 60659,\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63111,\n 63112,\n 63115,\n 63118,\n 63120,\n 63121,\n 63122,\n 63128,\n 63133,\n 63134,\n 63135,\n 63137,\n 63142,\n 63143,\n 63146,\n 63148,\n 63149,\n 63150,\n 63153,\n 63154,\n 63676,\n 64493,\n 65568,\n 66856,\n 66866,\n 66873,\n 66877,\n 66879,\n 66881,\n 66883,\n 66887,\n 66891,\n 66893,\n 66894,\n 66902,\n 66903,\n 66909,\n 66910,\n 66914,\n 66916,\n 66918,\n 66920\n );\n script_xref(name:\"GLSA\", value:\"201406-32\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-32\n(IcedTea JDK: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the IcedTea JDK. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, bypass intended security policies, or have other\n unspecified impact.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201406-32\");\n script_set_attribute(attribute:\"solution\", value:\n\"All IcedTea JDK users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-6.1.13.3'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icedtea-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/icedtea-bin\", unaffected:make_list(\"ge 6.1.13.3\", \"lt 6\"), vulnerable:make_list(\"lt 6.1.13.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IcedTea JDK\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-5925", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2013-1926", "CVE-2012-3423", "CVE-2013-1927"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-5925\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865574\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-22 10:28:40 +0530 (Mon, 22 Apr 2013)\");\n script_cve_id(\"CVE-2013-1927\", \"CVE-2013-1926\", \"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-5925\");\n script_xref(name:\"FEDORA\", value:\"2013-5925\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102100.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.2~0.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:10:42", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-5925", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2013-1926", "CVE-2012-3423", "CVE-2013-1927"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:865574", "href": "http://plugins.openvas.org/nasl.php?oid=865574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-5925\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"icedtea-web on Fedora 17\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865574);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-22 10:28:40 +0530 (Mon, 22 Apr 2013)\");\n script_cve_id(\"CVE-2013-1927\", \"CVE-2013-1926\", \"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-5925\");\n\n script_xref(name: \"FEDORA\", value: \"2013-5925\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102100.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.2~0.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831710", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:122\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831710\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:19:16 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:122\");\n script_name(\"Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"icedtea-web on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in\n icedtea-web:\n\n An uninitialized pointer use flaw was found in IcedTea-Web web\n browser plugin. A malicious web page could use this flaw make\n IcedTea-Web browser plugin pass invalid pointer to a web browser.\n Depending on the browser used, it may cause the browser to crash or\n possibly execute arbitrary code (CVE-2012-3422).\n\n It was discovered that the IcedTea-Web web browser plugin incorrectly\n assumed that all strings provided by browser are NUL terminated,\n which is not guaranteed by the NPAPI (Netscape Plugin Application\n Programming Interface). When used in a browser that does not NUL\n terminate NPVariant NPStrings, this could lead to buffer over-read\n or over-write, resulting in possible information leak, crash, or code\n execution (CVE-2012-3423).\n\n The updated packages have been upgraded to the 1.1.6 version which\n is not affected by these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.6~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.6~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: icedtea-web", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071848", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071848", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_icedtea-web.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 55b498e2-e56c-11e1-bbd5-001c25e46b1d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71848\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:18 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: icedtea-web\n\nCVE-2012-3422\nThe getFirstInTableInstance function in the IcedTea-Web plugin before\n1.2.1 returns an uninitialized pointer when the instance_to_id_map\nhash is empty, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a crafted web\npage, which causes an uninitialized memory location to be read.\nCVE-2012-3423\nThe IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant\nNPStrings without NUL terminators, which allows remote attackers to\ncause a denial of service (crash), obtain sensitive information from\nmemory, or execute arbitrary code via a crafted Java applet.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/55b498e2-e56c-11e1-bbd5-001c25e46b1d.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"icedtea-web\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1\")<0) {\n txt += \"Package icedtea-web version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:42:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2012:0982-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850309", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850309\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:46 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0982-1\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2012:0982-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"This update of icedtea-web fixed multiple hewap buffer\n overflows.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~0.17.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~0.17.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~0.17.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~0.17.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~10.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:13", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-14316", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:864713", "href": "http://plugins.openvas.org/nasl.php?oid=864713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-14316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 17\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087631.html\");\n script_id(864713);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:56:12 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-14316\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-14316\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-14316", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-14316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087631.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864713\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:56:12 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-14316\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-14316\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:18", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for icedtea-web openSUSE-SU-2012:0981-1 (icedtea-web)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:850308", "href": "http://plugins.openvas.org/nasl.php?oid=850308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0981_1.nasl 8313 2018-01-08 07:02:11Z teissa $\n#\n# SuSE Update for icedtea-web openSUSE-SU-2012:0981-1 (icedtea-web)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"- update to 1.2.1 (bnc#773458)\n - Security Updates\n * CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location\n * CVE-2012-3423, RH841345: Incorrect handling of not\n 0-terminated strings\n - NetX\n * PR898: signed applications with big jnlp-file doesn't\n start (webstart affect like "frozen")\n * PR811: javaws is not handling urls with spaces (and\n other characters needing encoding) correctly\n * 816592: icedtea-web not loading GeoGebra java applets\n in Firefox or Chrome\n - Plugin\n * PR863: Error passing strings to applet methods in\n Chromium\n * PR895: IcedTea-Web searches for missing classes on each\n loadClass or findClass\n * PR518: NPString.utf8characters not guaranteed to be\n nul-terminated\n - Common\n * RH838417: Disambiguate signed applet security prompt\n from certificate warning\n * RH838559: Disambiguate signed applet security prompt\n from certificate warning\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850308);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:37 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0981_1\");\n script_name(\"SuSE Update for icedtea-web openSUSE-SU-2012:0981-1 (icedtea-web)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~0.13.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~0.13.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~0.13.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~0.13.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:49", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: icedtea-web", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:71848", "href": "http://plugins.openvas.org/nasl.php?oid=71848", "sourceData": "#\n#VID 55b498e2-e56c-11e1-bbd5-001c25e46b1d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 55b498e2-e56c-11e1-bbd5-001c25e46b1d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: icedtea-web\n\nCVE-2012-3422\nThe getFirstInTableInstance function in the IcedTea-Web plugin before\n1.2.1 returns an uninitialized pointer when the instance_to_id_map\nhash is empty, which allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a crafted web\npage, which causes an uninitialized memory location to be read.\nCVE-2012-3423\nThe IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant\nNPStrings without NUL terminators, which allows remote attackers to\ncause a denial of service (crash), obtain sensitive information from\nmemory, or execute arbitrary code via a crafted Java applet.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html\nhttp://www.vuxml.org/freebsd/55b498e2-e56c-11e1-bbd5-001c25e46b1d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71848);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:18 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: icedtea-web\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"icedtea-web\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.1\")<0) {\n txt += \"Package icedtea-web version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:41:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for icedtea-web (openSUSE-SU-2012:0981-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850308", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850308\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:37 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0981-1\");\n script_name(\"openSUSE: Security Advisory for icedtea-web (openSUSE-SU-2012:0981-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"icedtea-web on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"- update to 1.2.1 (bnc#773458)\n\n - Security Updates\n\n * CVE-2012-3422, RH840592: Potential read from an\n uninitialized memory location\n\n * CVE-2012-3423, RH841345: Incorrect handling of not\n 0-terminated strings\n\n - NetX\n\n * PR898: signed applications with big jnlp-file doesn't\n start (webstart affect like 'frozen')\n\n * PR811: javaws is not handling urls with spaces (and\n other characters needing encoding) correctly\n\n * 816592: icedtea-web not loading GeoGebra java applets\n in Firefox or Chrome\n\n - Plugin\n\n * PR863: Error passing strings to applet methods in\n Chromium\n\n * PR895: IcedTea-Web searches for missing classes on each\n loadClass or findClass\n\n * PR518: NPString.utf8characters not guaranteed to be\n nul-terminated\n\n - Common\n\n * RH838417: Disambiguate signed applet security prompt\n from certificate warning\n\n * RH838559: Disambiguate signed applet security prompt\n from certificate warning\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~0.13.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~0.13.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~0.13.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~0.13.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:31", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "RedHat Update for icedtea-web RHSA-2012:1132-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:870802", "href": "http://plugins.openvas.org/nasl.php?oid=870802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2012:1132-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\n Visiting a malicious web page could possibly cause a web browser using the\n IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\n arbitrary code. (CVE-2012-3422)\n\n It was discovered that the IcedTea-Web plug-in incorrectly assumed all\n strings received from the browser were NUL terminated. When using the\n plug-in with a web browser that does not NUL terminate strings, visiting a\n web page containing a Java applet could possibly cause the browser to\n crash, disclose a portion of its memory, or execute arbitrary code.\n (CVE-2012-3423)\n\n This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\";\n\ntag_affected = \"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00033.html\");\n script_id(870802);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:15:59 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:1132-01\");\n script_name(\"RedHat Update for icedtea-web RHSA-2012:1132-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:08", "description": "Check for the Version of update", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2012:0982-1 (update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:850309", "href": "http://plugins.openvas.org/nasl.php?oid=850309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0982_1.nasl 8249 2017-12-27 06:29:56Z teissa $\n#\n# SuSE Update for update openSUSE-SU-2012:0982-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"update on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"This update of icedtea-web fixed multiple hewap buffer\n overflows.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850309);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:46 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0982_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:0982-1 (update)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~0.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debugsource\", rpm:\"icedtea-web-debugsource~1.2.1~10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~10.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:05", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-14340", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864706", "href": "http://plugins.openvas.org/nasl.php?oid=864706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-14340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 16\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087635.html\");\n script_id(864706);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:54:40 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-14340\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-14340\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:53", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1521-1", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1521-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841098", "href": "http://plugins.openvas.org/nasl.php?oid=841098", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1521_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for icedtea-web USN-1521-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Chamal De Silva discovered that the IcedTea-Web Java web browser\n plugin could dereference an uninitialized pointer. A remote attacker\n could use this to craft a malicious web page that could cause a\n denial of service by crashing the web browser or possibly execute\n arbitrary code. (CVE-2012-3422)\n\n Steven Bergom and others discovered that the IcedTea-Web Java web\n browser plugin assumed that all strings provided by browsers are NULL\n terminated, which is not guaranteed by the NPAPI (Netscape Plugin\n Application Programming Interface). A remote attacker could use this\n to craft a malicious Java applet that could cause a denial of service\n by crashing the web browser, expose sensitive information or possibly\n execute arbitrary code. (CVE-2012-3423)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1521-1\";\ntag_affected = \"icedtea-web on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1521-1/\");\n script_id(841098);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:43 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name: \"USN\", value: \"1521-1\");\n script_name(\"Ubuntu Update for icedtea-web USN-1521-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-plugin\", ver:\"1.2-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.11.04.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "RedHat Update for icedtea-web RHSA-2012:1132-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2012:1132-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00033.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870802\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:15:59 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:1132-01\");\n script_name(\"RedHat Update for icedtea-web RHSA-2012:1132-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\n Visiting a malicious web page could possibly cause a web browser using the\n IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\n arbitrary code. (CVE-2012-3422)\n\n It was discovered that the IcedTea-Web plug-in incorrectly assumed all\n strings received from the browser were NUL terminated. When using the\n plug-in with a web browser that does not NUL terminate strings, visiting a\n web page containing a Java applet could possibly cause the browser to\n crash, disclose a portion of its memory, or execute arbitrary code.\n (CVE-2012-3423)\n\n This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.1~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-09-22T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-14340", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864706", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-14340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087635.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864706\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-22 11:54:40 +0530 (Sat, 22 Sep 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-14340\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-14340\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:59", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "CentOS Update for icedtea-web CESA-2012:1132 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:881466", "href": "http://plugins.openvas.org/nasl.php?oid=881466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icedtea-web CESA-2012:1132 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\n Visiting a malicious web page could possibly cause a web browser using the\n IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\n arbitrary code. (CVE-2012-3422)\n \n It was discovered that the IcedTea-Web plug-in incorrectly assumed all\n strings received from the browser were NUL terminated. When using the\n plug-in with a web browser that does not NUL terminate strings, visiting a\n web page containing a Java applet could possibly cause the browser to\n crash, disclose a portion of its memory, or execute arbitrary code.\n (CVE-2012-3423)\n \n Red Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422\n issue.\n \n This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\n file, linked to in the References, for further information.\n \n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\";\n\ntag_affected = \"icedtea-web on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018778.html\");\n script_id(881466);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:19 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:1132\");\n script_name(\"CentOS Update for icedtea-web CESA-2012:1132 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1521-1", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1521-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841098", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1521_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for icedtea-web USN-1521-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1521-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841098\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:43 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_xref(name:\"USN\", value:\"1521-1\");\n script_name(\"Ubuntu Update for icedtea-web USN-1521-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1521-1\");\n script_tag(name:\"affected\", value:\"icedtea-web on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Chamal De Silva discovered that the IcedTea-Web Java web browser\n plugin could dereference an uninitialized pointer. A remote attacker\n could use this to craft a malicious web page that could cause a\n denial of service by crashing the web browser or possibly execute\n arbitrary code. (CVE-2012-3422)\n\n Steven Bergom and others discovered that the IcedTea-Web Java web\n browser plugin assumed that all strings provided by browsers are NULL\n terminated, which is not guaranteed by the NPAPI (Netscape Plugin\n Application Programming Interface). A remote attacker could use this\n to craft a malicious Java applet that could cause a denial of service\n by crashing the web browser, expose sensitive information or possibly\n execute arbitrary code. (CVE-2012-3423)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-plugin\", ver:\"1.2-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-plugin\", ver:\"1.2-2ubuntu0.11.04.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:01", "description": "Oracle Linux Local Security Checks ELSA-2012-1132", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1132", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1132.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123853\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:26 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1132\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1132 - icedtea-web security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1132\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1132.html\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:30", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:831710", "href": "http://plugins.openvas.org/nasl.php?oid=831710", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in\n icedtea-web:\n\n An uninitialized pointer use flaw was found in IcedTea-Web web\n browser plugin. A malicious web page could use this flaw make\n IcedTea-Web browser plugin pass invalid pointer to a web browser.\n Depending on the browser used, it may cause the browser to crash or\n possibly execute arbitrary code (CVE-2012-3422).\n \n It was discovered that the IcedTea-Web web browser plugin incorrectly\n assumed that all strings provided by browser are NUL terminated,\n which is not guaranteed by the NPAPI (Netscape Plugin Application\n Programming Interface). When used in a browser that does not NUL\n terminate NPVariant NPStrings, this could lead to buffer over-read\n or over-write, resulting in possible information leak, crash, or code\n execution (CVE-2012-3423).\n \n The updated packages have been upgraded to the 1.1.6 version which\n is not affected by these issues.\";\n\ntag_affected = \"icedtea-web on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:122\");\n script_id(831710);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:19:16 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:122\");\n script_name(\"Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.1.6~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.1.6~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "CentOS Update for icedtea-web CESA-2012:1132 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icedtea-web CESA-2012:1132 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-July/018778.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881466\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:17:19 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2012:1132\");\n script_name(\"CentOS Update for icedtea-web CESA-2012:1132 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"icedtea-web on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\n Visiting a malicious web page could possibly cause a web browser using the\n IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\n arbitrary code. (CVE-2012-3422)\n\n It was discovered that the IcedTea-Web plug-in incorrectly assumed all\n strings received from the browser were NUL terminated. When using the\n plug-in with a web browser that does not NUL terminate strings, visiting a\n web page containing a Java applet could possibly cause the browser to\n crash, disclose a portion of its memory, or execute arbitrary code.\n (CVE-2012-3423)\n\n Red Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422\n issue.\n\n This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.1~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.1~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:08:39", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1804-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:841401", "href": "http://plugins.openvas.org/nasl.php?oid=841401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1804_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for icedtea-web USN-1804-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jiri Vanek discovered that IcedTea-Web would use the same classloader for\n applets from different domains. A remote attacker could exploit this to\n expose sensitive information or potentially manipulate applets from other\n domains. (CVE-2013-1926)\n\n It was discovered that IcedTea-Web did not properly verify JAR files and\n was susceptible to the GIFAR attack. If a user were tricked into opening a\n malicious website, a remote attacker could potentially exploit this to\n execute code under certain circumstances. (CVE-2013-1927)\";\n\n\ntag_affected = \"icedtea-web on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841401);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 10:09:01 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for icedtea-web USN-1804-1\");\n\n script_xref(name: \"USN\", value: \"1804-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1804-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.3.2-1ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "RedHat Update for icedtea-web RHSA-2013:0753-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870984", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2013:0753-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.870984\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 09:57:28 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for icedtea-web RHSA-2013:0753-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0753-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n It was discovered that the IcedTea-Web plug-in incorrectly used the same\n class loader instance for applets with the same value of the codebase\n attribute, even when they originated from different domains. A malicious\n applet could use this flaw to gain information about and possibly\n manipulate applets from different domains currently running in the browser.\n (CVE-2013-1926)\n\n The IcedTea-Web plug-in did not properly check the format of the downloaded\n Java Archive (JAR) files. This could cause the plug-in to execute code\n hidden in a file in a different format, possibly allowing attackers to\n execute code in the context of web sites that allow uploads of specific\n file types, known as a GIFAR attack. (CVE-2013-1927)\n\n The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\n Team, and CVE-2013-1927 was discovered by the Red Hat Security Response\n Team.\n\n This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.3~2.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.3~2.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1804-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1804_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for icedtea-web USN-1804-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841401\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 10:09:01 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for icedtea-web USN-1804-1\");\n\n script_xref(name:\"USN\", value:\"1804-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1804-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"icedtea-web on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Jiri Vanek discovered that IcedTea-Web would use the same classloader for\n applets from different domains. A remote attacker could exploit this to\n expose sensitive information or potentially manipulate applets from other\n domains. (CVE-2013-1926)\n\n It was discovered that IcedTea-Web did not properly verify JAR files and\n was susceptible to the GIFAR attack. If a user were tricked into opening a\n malicious website, a remote attacker could potentially exploit this to\n execute code under certain circumstances. (CVE-2013-1927)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.3.2-1ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:51", "description": "Oracle Linux Local Security Checks ELSA-2013-0753", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0753", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0753.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123640\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0753\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0753 - icedtea-web security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0753\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0753.html\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.3~2.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.3~2.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:48", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-5962", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865567", "href": "http://plugins.openvas.org/nasl.php?oid=865567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-5962\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"icedtea-web on Fedora 18\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865567);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 09:48:41 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1927\", \"CVE-2013-1926\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-5962\");\n\n script_xref(name: \"FEDORA\", value: \"2013-5962\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102069.html\");\n script_summary(\"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.2~0.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1804-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1804_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for icedtea-web USN-1804-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"icedtea-web on Ubuntu 12.04 LTS,\n Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced\n a regression with the Java Network Launching Protocol (JNLP) when fetching\n content over SSL under certain configurations, such as when using the\n community-supported IcedTead 7 browser plugin. This update fixes the\n problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n Jiri Vanek discovered that IcedTea-Web would use the same classloader for\n applets from different domains. A remote attacker could exploit this to\n expose sensitive information or potentially manipulate applets from other\n domains. (CVE-2013-1926)\n\n It was discovered that IcedTea-Web did not properly verify JAR files and\n was susceptible to the GIFAR attack. If a user were tricked into opening a\n malicious website, a remote attacker could potentially exploit this to\n execute code under certain circumstances. (CVE-2013-1927)\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841407\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:49:59 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Ubuntu Update for icedtea-web USN-1804-2\");\n\n script_xref(name:\"USN\", value:\"1804-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1804-2/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-plugin\", ver:\"1.2.3-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:10:27", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "RedHat Update for icedtea-web RHSA-2013:0753-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:870984", "href": "http://plugins.openvas.org/nasl.php?oid=870984", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for icedtea-web RHSA-2013:0753-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n It was discovered that the IcedTea-Web plug-in incorrectly used the same\n class loader instance for applets with the same value of the codebase\n attribute, even when they originated from different domains. A malicious\n applet could use this flaw to gain information about and possibly\n manipulate applets from different domains currently running in the browser.\n (CVE-2013-1926)\n\n The IcedTea-Web plug-in did not properly check the format of the downloaded\n Java Archive (JAR) files. This could cause the plug-in to execute code\n hidden in a file in a different format, possibly allowing attackers to\n execute code in the context of web sites that allow uploads of specific\n file types, known as a GIFAR attack. (CVE-2013-1927)\n\n The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\n Team, and CVE-2013-1927 was discovered by the Red Hat Security Response\n Team.\n\n This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\";\n\n\ntag_affected = \"icedtea-web on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(870984);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 09:57:28 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for icedtea-web RHSA-2013:0753-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0753-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00027.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.3~2.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-debuginfo\", rpm:\"icedtea-web-debuginfo~1.2.3~2.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-06T13:09:49", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for icedtea-web USN-1804-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:841407", "href": "http://plugins.openvas.org/nasl.php?oid=841407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1804_2.nasl 8672 2018-02-05 16:39:18Z teissa $\n#\n# Ubuntu Update for icedtea-web USN-1804-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced\n a regression with the Java Network Launching Protocol (JNLP) when fetching\n content over SSL under certain configurations, such as when using the\n community-supported IcedTead 7 browser plugin. This update fixes the\n problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n Jiri Vanek discovered that IcedTea-Web would use the same classloader for\n applets from different domains. A remote attacker could exploit this to\n expose sensitive information or potentially manipulate applets from other\n domains. (CVE-2013-1926)\n\n It was discovered that IcedTea-Web did not properly verify JAR files and\n was susceptible to the GIFAR attack. If a user were tricked into opening a\n malicious website, a remote attacker could potentially exploit this to\n execute code under certain circumstances. (CVE-2013-1927)\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"icedtea-web on Ubuntu 12.04 LTS ,\n Ubuntu 11.10\";\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_id(841407);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:49:59 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Ubuntu Update for icedtea-web USN-1804-2\");\n\n script_xref(name: \"USN\", value: \"1804-2\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1804-2/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-plugin\", ver:\"1.2.3-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-netx\", ver:\"1.2.3-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-5962", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-5962\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865567\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 09:48:41 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1927\", \"CVE-2013-1926\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-5962\");\n script_xref(name:\"FEDORA\", value:\"2013-5962\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102069.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.2~0.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "CentOS Update for icedtea-web CESA-2013:0753 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icedtea-web CESA-2013:0753 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881713\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 10:03:35 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for icedtea-web CESA-2013:0753 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:0753\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-April/019694.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"icedtea-web on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n It was discovered that the IcedTea-Web plug-in incorrectly used the same\n class loader instance for applets with the same value of the codebase\n attribute, even when they originated from different domains. A malicious\n applet could use this flaw to gain information about and possibly\n manipulate applets from different domains currently running in the browser.\n (CVE-2013-1926)\n\n The IcedTea-Web plug-in did not properly check the format of the downloaded\n Java Archive (JAR) files. This could cause the plug-in to execute code\n hidden in a file in a different format, possibly allowing attackers to\n execute code in the context of web sites that allow uploads of specific\n file types, known as a GIFAR attack. (CVE-2013-1927)\n\n The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\n Team, and CVE-2013-1927 was discovered by the Red Hat Security Response\n Team.\n\n This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.3~2.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.3~2.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-26T11:10:23", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-04-19T00:00:00", "type": "openvas", "title": "CentOS Update for icedtea-web CESA-2013:0753 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:881713", "href": "http://plugins.openvas.org/nasl.php?oid=881713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for icedtea-web CESA-2013:0753 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The IcedTea-Web project provides a Java web browser plug-in and an\n implementation of Java Web Start, which is based on the Netx project. It\n also contains a configuration tool for managing deployment settings for the\n plug-in and Web Start implementations.\n\n It was discovered that the IcedTea-Web plug-in incorrectly used the same\n class loader instance for applets with the same value of the codebase\n attribute, even when they originated from different domains. A malicious\n applet could use this flaw to gain information about and possibly\n manipulate applets from different domains currently running in the browser.\n (CVE-2013-1926)\n\n The IcedTea-Web plug-in did not properly check the format of the downloaded\n Java Archive (JAR) files. This could cause the plug-in to execute code\n hidden in a file in a different format, possibly allowing attackers to\n execute code in the context of web sites that allow uploads of specific\n file types, known as a GIFAR attack. (CVE-2013-1927)\n\n The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\n Team, and CVE-2013-1927 was discovered by the Red Hat Security Response\n Team.\n\n This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\n file, linked to in the References, for further information.\n\n All IcedTea-Web users should upgrade to these updated packages, which\n resolve these issues. Web browsers using the IcedTea-Web browser plug-in\n must be restarted for this update to take effect.\";\n\n\ntag_affected = \"icedtea-web on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881713);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-19 10:03:35 +0530 (Fri, 19 Apr 2013)\");\n script_cve_id(\"CVE-2013-1926\", \"CVE-2013-1927\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for icedtea-web CESA-2013:0753 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0753\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-April/019694.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.2.3~2.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"icedtea-web-javadoc\", rpm:\"icedtea-web-javadoc~1.2.3~2.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-17745", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864864", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864864", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-17745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091936.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864864\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:39:22 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-17745\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-17745\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:27", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-17745", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2012-3423"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864864", "href": "http://plugins.openvas.org/nasl.php?oid=864864", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-17745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 16\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091936.html\");\n script_id(864864);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:39:22 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-17745\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-17745\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-17762", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2012-3423"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-17762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091886.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864857\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:38:26 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-17762\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-17762\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:44", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2012-11-15T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2012-17762", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864857", "href": "http://plugins.openvas.org/nasl.php?oid=864857", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2012-17762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"icedtea-web on Fedora 17\";\ntag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\n of Java Web Start (originally based on the Netx project) and a settings tool to\n manage deployment settings for the aforementioned plugin and Web Start\n implementations.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091886.html\");\n script_id(864857);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:38:26 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2012-3422\", \"CVE-2012-3423\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-17762\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2012-17762\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.3.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-10-08T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-17016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2013-4349", "CVE-2013-1926", "CVE-2013-1927"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-17016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866958\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-08 11:05:48 +0530 (Tue, 08 Oct 2013)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2013-1927\", \"CVE-2013-1926\", \"CVE-2013-4349\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-17016\");\n\n\n script_tag(name:\"affected\", value:\"icedtea-web on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-17016\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/117973.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'icedtea-web'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.4.1~0.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-19T15:08:41", "description": "Check for the Version of icedtea-web", "cvss3": {}, "published": "2013-10-08T00:00:00", "type": "openvas", "title": "Fedora Update for icedtea-web FEDORA-2013-17016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4540", "CVE-2013-4349", "CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:866958", "href": "http://plugins.openvas.org/nasl.php?oid=866958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icedtea-web FEDORA-2013-17016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866958);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-08 11:05:48 +0530 (Tue, 08 Oct 2013)\");\n script_cve_id(\"CVE-2012-4540\", \"CVE-2013-1927\", \"CVE-2013-1926\", \"CVE-2013-4349\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for icedtea-web FEDORA-2013-17016\");\n\n tag_insight = \"The IcedTea-Web project provides a Java web browser plugin, an implementation\nof Java Web Start (originally based on the Netx project) and a settings tool to\nmanage deployment settings for the aforementioned plugin and Web Start\nimplementations.\n\";\n\n tag_affected = \"icedtea-web on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-17016\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/117973.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of icedtea-web\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"icedtea-web\", rpm:\"icedtea-web~1.4.1~0.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:17", "description": "Gentoo Linux Local Security Checks GLSA 201406-32", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-32", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-32.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121235\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:30 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-32\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-32\");\n script_cve_id(\"CVE-2009-3555\", \"CVE-2010-2548\", \"CVE-2010-2783\", \"CVE-2010-3541\", \"CVE-2010-3548\", \"CVE-2010-3549\", \"CVE-2010-3551\", \"CVE-2010-3553\", \"CVE-2010-3554\", \"CVE-2010-3557\", \"CVE-2010-3561\", \"CVE-2010-3562\", \"CVE-2010-3564\", \"CVE-2010-3565\", \"CVE-2010-3566\", \"CVE-2010-3567\", \"CVE-2010-3568\", \"CVE-2010-3569\", \"CVE-2010-3573\", \"CVE-2010-3574\", \"CVE-2010-3860\", \"CVE-2010-4351\", \"CVE-2010-4448\", \"CVE-2010-4450\", \"CVE-2010-4465\", \"CVE-2010-4467\", \"CVE-2010-4469\", \"CVE-2010-4470\", \"CVE-2010-4471\", \"CVE-2010-4472\", \"CVE-2010-4476\", \"CVE-2011-0025\", \"CVE-2011-0706\", \"CVE-2011-0815\", \"CVE-2011-0822\", \"CVE-2011-0862\", \"CVE-2011-0864\", \"CVE-2011-0865\", \"CVE-2011-0868\", \"CVE-2011-0869\", \"CVE-2011-0870\", \"CVE-2011-0871\", \"CVE-2011-0872\", \"CVE-2011-3389\", \"CVE-2011-3521\", \"CVE-2011-3544\", \"CVE-2011-3547\", \"CVE-2011-3548\", \"CVE-2011-3551\", \"CVE-2011-3552\", \"CVE-2011-3553\", \"CVE-2011-3554\", \"CVE-2011-3556\", \"CVE-2011-3557\", \"CVE-2011-3558\", \"CVE-2011-3560\", \"CVE-2011-3563\", \"CVE-2011-3571\", \"CVE-2011-5035\", \"CVE-2012-0497\", \"CVE-2012-0501\", \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0505\", \"CVE-2012-0506\", \"CVE-2012-0547\", \"CVE-2012-1711\", \"CVE-2012-1713\", \"CVE-2012-1716\", \"CVE-2012-1717\", \"CVE-2012-1718\", \"CVE-2012-1719\", \"CVE-2012-1723\", \"CVE-2012-1724\", \"CVE-2012-1725\", \"CVE-2012-1726\", \"CVE-2012-3216\", \"CVE-2012-3422\", \"CVE-2012-3423\", \"CVE-2012-4416\", \"CVE-2012-4540\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\", \"CVE-2012-5081\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5089\", \"CVE-2012-5979\", \"CVE-2013-0169\", \"CVE-2013-0401\", \"CVE-2012-0424\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0431\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0444\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1484\", \"CVE-2013-1485\", \"CVE-2013-1486\", \"CVE-2013-1488\", \"CVE-2013-1493\", \"CVE-2013-1500\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1569\", \"CVE-2013-1571\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2423\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\", \"CVE-2013-2436\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2449\", \"CVE-2013-2450\", \"CVE-2013-2451\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2454\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2458\", \"CVE-2013-2459\", \"CVE-2013-2460\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\", \"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5805\", \"CVE-2013-5806\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\", \"CVE-2013-6629\", \"CVE-2013-6954\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0452\", \"CVE-2014-0453\", \"CVE-2014-0456\", \"CVE-2014-0457\", \"CVE-2014-0458\", \"CVE-2014-0459\", \"CVE-2014-0460\", \"CVE-2014-0461\", \"CVE-2014-1876\", \"CVE-2014-2397\", \"CVE-2014-2398\", \"CVE-2014-2403\", \"CVE-2014-2412\", \"CVE-2014-2414\", \"CVE-2014-2421\", \"CVE-2014-2423\", \"CVE-2014-2427\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-32\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-java/icedtea-bin\", unaffected: make_list(\"ge 6.1.13.3\"), vulnerable: make_list(\"lt 6.1.13.3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2013-04-19T04:56:59", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: icedtea-web-1.3.2-0.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2012-4540", "CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-19T04:56:59", "id": "FEDORA:841ED27B00", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2012-09-25T06:19:09", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: icedtea-web-1.3-1.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-09-25T06:19:09", "id": "FEDORA:4D72321870", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2012-09-21T23:53:11", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: icedtea-web-1.3-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-09-21T23:53:11", "id": "FEDORA:15D842097C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2012-09-21T23:56:26", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: icedtea-web-1.3-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-09-21T23:56:26", "id": "FEDORA:2BE0C236C7", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2013-04-18T02:48:19", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: icedtea-web-1.3.2-0.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-18T02:48:19", "id": "FEDORA:2C8212639F", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2013-04-25T14:16:11", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: icedtea-web-1.3.2-0.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-25T14:16:11", "id": "FEDORA:9E7EB210DC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2012-11-11T02:30:23", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: icedtea-web-1.3.1-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2012-4540"], "modified": "2012-11-11T02:30:23", "id": "FEDORA:5AFD220FF3", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2012-11-11T02:23:22", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: icedtea-web-1.3.1-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423", "CVE-2012-4540"], "modified": "2012-11-11T02:23:22", "id": "FEDORA:21E4420AE9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The IcedTea-Web project provides a Java web browser plugin, an implementati on of Java Web Start (originally based on the Netx project) and a settings too l to manage deployment settings for the aforementioned plugin and Web Start implementations. ", "edition": 2, "cvss3": {}, "published": "2013-10-04T01:58:51", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: icedtea-web-1.4.1-0.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4540", "CVE-2013-1926", "CVE-2013-1927", "CVE-2013-4349"], "modified": "2013-10-04T01:58:51", "id": "FEDORA:9DB5F21CA4", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:37:24", "description": "The IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project. It\nalso contains a configuration tool for managing deployment settings for the\nplug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\nVisiting a malicious web page could possibly cause a web browser using the\nIcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings, visiting a\nweb page containing a Java applet could possibly cause the browser to\ncrash, disclose a portion of its memory, or execute arbitrary code.\n(CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422\nissue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\nfile, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser plug-in\nmust be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "redhat", "title": "(RHSA-2012:1132) Important: icedtea-web security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2018-06-06T16:24:12", "id": "RHSA-2012:1132", "href": "https://access.redhat.com/errata/RHSA-2012:1132", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T18:38:20", "description": "The IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project. It\nalso contains a configuration tool for managing deployment settings for the\nplug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the same\nclass loader instance for applets with the same value of the codebase\nattribute, even when they originated from different domains. A malicious\napplet could use this flaw to gain information about and possibly\nmanipulate applets from different domains currently running in the browser.\n(CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded\nJava Archive (JAR) files. This could cause the plug-in to execute code\nhidden in a file in a different format, possibly allowing attackers to\nexecute code in the context of web sites that allow uploads of specific\nfile types, known as a GIFAR attack. (CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\nTeam, and CVE-2013-1927 was discovered by the Red Hat Security Response\nTeam.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\nfile, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser plug-in\nmust be restarted for this update to take effect.\n", "cvss3": {}, "published": "2013-04-17T00:00:00", "type": "redhat", "title": "(RHSA-2013:0753) Moderate: icedtea-web security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2018-06-06T16:24:22", "id": "RHSA-2013:0753", "href": "https://access.redhat.com/errata/RHSA-2013:0753", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:48", "description": "[1.2.1-1]\n- Updated to 1.2.1\n- Resolves: CVE-2012-3422\n- Resolves: CVE-2012-3423", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "oraclelinux", "title": "icedtea-web security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-07-31T00:00:00", "id": "ELSA-2012-1132", "href": "http://linux.oracle.com/errata/ELSA-2012-1132.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:33", "description": "[1.2.3-2]\n- Added (temporally!) posttrans forcing creation of symlinks\n - should be removed next release\n- Resolves: rhbz#949094\n[1.2.3-1]\n- fixed postun - removal of alternatives for plugin restricted to\n (correct) removal process only\n- fixed date in changelog previous entry\n- Resolves: rhbz#949094\n[1.2.3-0]\n- Updated to latest ustream release of 1.2 branch - 1.2.3\n - Security Updates\n - CVE-2013-1927, RH884705 - fixed gifar vulnerability\n - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.\n - Common\n - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7\n - Plugin\n - PR1157: Applets can hang browser after fatal exception\n- Removed upstreamed patch 0- icedtea-web-PR1161.patch\n- Resolves: rhbz#949094", "cvss3": {}, "published": "2013-04-17T00:00:00", "type": "oraclelinux", "title": "icedtea-web security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-17T00:00:00", "id": "ELSA-2013-0753", "href": "http://linux.oracle.com/errata/ELSA-2013-0753.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:49", "description": "\n\nThe IcedTea project team reports:\n\nCVE-2012-3422: Use of uninitialized instance pointers\nAn uninitialized pointer use flaw was found in IcedTea-Web web\n\t browser plugin. A malicious web page could use this flaw make\n\t IcedTea-Web browser plugin pass invalid pointer to a web browser.\n\t Depending on the browser used, it may cause the browser to crash\n\t or possibly execute arbitrary code.\nThe get_cookie_info() and get_proxy_info() call\n\t getFirstInTableInstance() with the instance_to_id_map hash as\n\t a parameter. If instance_to_id_map is empty (which can happen\n\t when plugin was recently removed), getFirstInTableInstance()\n\t returns an uninitialized pointer.\n\n\nCVE-2012-3423: Incorrect handling of non 0-terminated strings\nIt was discovered that the IcedTea-Web web browser plugin\n\t incorrectly assumed that all strings provided by browser are NUL\n\t terminated, which is not guaranteed by the NPAPI (Netscape Plugin\n\t Application Programming Interface). When used in a browser that\n\t does not NUL terminate NPVariant NPStrings, this could lead to\n\t buffer over-read or over-write, resulting in possible information\n\t leak, crash, or code execution.\nMozilla browsers currently NUL terminate strings, however recent\n\t Chrome versions are known not to provide NUL terminated data.\n\n\n", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "freebsd", "title": "Several vulnerabilities found in IcedTea-Web", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-07-31T00:00:00", "id": "55B498E2-E56C-11E1-BBD5-001C25E46B1D", "href": "https://vuxml.freebsd.org/freebsd/55b498e2-e56c-11e1-bbd5-001c25e46b1d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T13:03:59", "description": "Chamal De Silva discovered that the IcedTea-Web Java web browser \nplugin could dereference an uninitialized pointer. A remote attacker \ncould use this to craft a malicious web page that could cause a \ndenial of service by crashing the web browser or possibly execute \narbitrary code. (CVE-2012-3422)\n\nSteven Bergom and others discovered that the IcedTea-Web Java web \nbrowser plugin assumed that all strings provided by browsers are NULL \nterminated, which is not guaranteed by the NPAPI (Netscape Plugin \nApplication Programming Interface). A remote attacker could use this \nto craft a malicious Java applet that could cause a denial of service \nby crashing the web browser, expose sensitive information or possibly \nexecute arbitrary code. (CVE-2012-3423)\n", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "ubuntu", "title": "IcedTea-Web vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3423", "CVE-2012-3422"], "modified": "2012-07-31T00:00:00", "id": "USN-1521-1", "href": "https://ubuntu.com/security/notices/USN-1521-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:58:25", "description": "Jiri Vanek discovered that IcedTea-Web would use the same classloader for \napplets from different domains. A remote attacker could exploit this to \nexpose sensitive information or potentially manipulate applets from other \ndomains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify JAR files and \nwas susceptible to the GIFAR attack. If a user were tricked into opening a \nmalicious website, a remote attacker could potentially exploit this to \nexecute code under certain circumstances. (CVE-2013-1927)\n", "cvss3": {}, "published": "2013-04-18T00:00:00", "type": "ubuntu", "title": "IcedTea-Web vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-18T00:00:00", "id": "USN-1804-1", "href": "https://ubuntu.com/security/notices/USN-1804-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:58:21", "description": "USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced \na regression with the Java Network Launching Protocol (JNLP) when fetching \ncontent over SSL under certain configurations, such as when using the \ncommunity-supported IcedTead 7 browser plugin. This update fixes the \nproblem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJiri Vanek discovered that IcedTea-Web would use the same classloader for \napplets from different domains. A remote attacker could exploit this to \nexpose sensitive information or potentially manipulate applets from other \ndomains. (CVE-2013-1926)\n\nIt was discovered that IcedTea-Web did not properly verify JAR files and \nwas susceptible to the GIFAR attack. If a user were tricked into opening a \nmalicious website, a remote attacker could potentially exploit this to \nexecute code under certain circumstances. (CVE-2013-1927)\n", "cvss3": {}, "published": "2013-04-23T00:00:00", "type": "ubuntu", "title": "IcedTea-Web regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-23T00:00:00", "id": "USN-1804-2", "href": "https://ubuntu.com/security/notices/USN-1804-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:55:35", "description": "**CentOS Errata and Security Advisory** CESA-2012:1132\n\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project. It\nalso contains a configuration tool for managing deployment settings for the\nplug-in and Web Start implementations.\n\nAn uninitialized pointer use flaw was found in the IcedTea-Web plug-in.\nVisiting a malicious web page could possibly cause a web browser using the\nIcedTea-Web plug-in to crash, disclose a portion of its memory, or execute\narbitrary code. (CVE-2012-3422)\n\nIt was discovered that the IcedTea-Web plug-in incorrectly assumed all\nstrings received from the browser were NUL terminated. When using the\nplug-in with a web browser that does not NUL terminate strings, visiting a\nweb page containing a Java applet could possibly cause the browser to\ncrash, disclose a portion of its memory, or execute arbitrary code.\n(CVE-2012-3423)\n\nRed Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422\nissue.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS\nfile, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser plug-in\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-July/055697.html\n\n**Affected packages:**\nicedtea-web\nicedtea-web-javadoc\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:1132", "cvss3": {}, "published": "2012-07-31T23:18:48", "type": "centos", "title": "icedtea security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422", "CVE-2012-3423"], "modified": "2012-07-31T23:18:48", "id": "CESA-2012:1132", "href": "https://lists.centos.org/pipermail/centos-announce/2012-July/055697.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:54:36", "description": "**CentOS Errata and Security Advisory** CESA-2013:0753\n\n\nThe IcedTea-Web project provides a Java web browser plug-in and an\nimplementation of Java Web Start, which is based on the Netx project. It\nalso contains a configuration tool for managing deployment settings for the\nplug-in and Web Start implementations.\n\nIt was discovered that the IcedTea-Web plug-in incorrectly used the same\nclass loader instance for applets with the same value of the codebase\nattribute, even when they originated from different domains. A malicious\napplet could use this flaw to gain information about and possibly\nmanipulate applets from different domains currently running in the browser.\n(CVE-2013-1926)\n\nThe IcedTea-Web plug-in did not properly check the format of the downloaded\nJava Archive (JAR) files. This could cause the plug-in to execute code\nhidden in a file in a different format, possibly allowing attackers to\nexecute code in the context of web sites that allow uploads of specific\nfile types, known as a GIFAR attack. (CVE-2013-1927)\n\nThe CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK\nTeam, and CVE-2013-1927 was discovered by the Red Hat Security Response\nTeam.\n\nThis erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS\nfile, linked to in the References, for further information.\n\nAll IcedTea-Web users should upgrade to these updated packages, which\nresolve these issues. Web browsers using the IcedTea-Web browser plug-in\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-April/056613.html\n\n**Affected packages:**\nicedtea-web\nicedtea-web-javadoc\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:0753", "cvss3": {}, "published": "2013-04-17T22:33:18", "type": "centos", "title": "icedtea security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-17T22:33:18", "id": "CESA-2013:0753", "href": "https://lists.centos.org/pipermail/centos-announce/2013-April/056613.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1804-1\r\nApril 18, 2013\r\n\r\nicedtea-web vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nTwo security issues were fixed in IcedTea-Web.\r\n\r\nSoftware Description:\r\n- icedtea-web: A web browser plugin to execute Java applets\r\n\r\nDetails:\r\n\r\nJiri Vanek discovered that IcedTea-Web would use the same classloader for\r\napplets from different domains. A remote attacker could exploit this to\r\nexpose sensitive information or potentially manipulate applets from other\r\ndomains. (CVE-2013-1926)\r\n\r\nIt was discovered that IcedTea-Web did not properly verify JAR files and\r\nwas susceptible to the GIFAR attack. If a user were tricked into opening a\r\nmalicious website, a remote attacker could potentially exploit this to\r\nexecute code under certain circumstances. (CVE-2013-1927)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n icedtea-netx 1.3.2-1ubuntu0.12.10.1\r\n\r\nUbuntu 12.04 LTS:\r\n icedtea-netx 1.2.3-0ubuntu0.12.04.1\r\n\r\nUbuntu 11.10:\r\n icedtea-netx 1.2.3-0ubuntu0.11.10.1\r\n\r\nUbuntu 10.04 LTS:\r\n icedtea-netx 1.2.3-0ubuntu0.10.04.1\r\n\r\nAfter a standard system update you need to restart your browser to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1804-1\r\n CVE-2013-1926, CVE-2013-1927\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/icedtea-web/1.3.2-1ubuntu0.12.10.1\r\n https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.12.04.1\r\n https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.11.10.1\r\n https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.10.04.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "cvss3": {}, "published": "2013-04-22T00:00:00", "title": "[USN-1804-1] IcedTea-Web vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-22T00:00:00", "id": "SECURITYVULNS:DOC:29259", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29259", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:51", "description": "Crossdomain access, code execution.", "edition": 1, "cvss3": {}, "published": "2013-04-22T00:00:00", "title": "IcedTea-Web security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1926", "CVE-2013-1927"], "modified": "2013-04-22T00:00:00", "id": "SECURITYVULNS:VULN:13018", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13018", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:55:07", "description": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant\nNPStrings without NUL terminators, which allows remote attackers to cause a\ndenial of service (crash), obtain sensitive information from memory, or\nexecute arbitrary code via a crafted Java applet.\n\n#### Bugs\n\n * <http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518>\n * <http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863>\n", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "ubuntucve", "title": "CVE-2012-3423", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3423"], "modified": "2012-07-31T00:00:00", "id": "UB:CVE-2012-3423", "href": "https://ubuntu.com/security/CVE-2012-3423", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:55:07", "description": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1\nreturns an uninitialized pointer when the instance_to_id_map hash is empty,\nwhich allows remote attackers to cause a denial of service (crash) and\npossibly execute arbitrary code via a crafted web page, which causes an\nuninitialized memory location to be read.", "cvss3": {}, "published": "2012-07-31T00:00:00", "type": "ubuntucve", "title": "CVE-2012-3422", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422"], "modified": "2012-07-31T00:00:00", "id": "UB:CVE-2012-3422", "href": "https://ubuntu.com/security/CVE-2012-3422", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:41", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same\nclass loader for applets with the same codebase path but from different\ndomains, which allows remote attackers to obtain sensitive information or\npossibly alter other applets via a crafted applet.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=916774>\n", "cvss3": {}, "published": "2013-04-17T00:00:00", "type": "ubuntucve", "title": "CVE-2013-1926", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926"], "modified": "2013-04-17T00:00:00", "id": "UB:CVE-2013-1926", "href": "https://ubuntu.com/security/CVE-2013-1926", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-11-22T21:53:41", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote\nattackers to execute arbitrary code via a crafted file that validates as\nboth a GIF and a Java JAR file, aka \"GIFAR.\"\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=884705>\n", "cvss3": {}, "published": "2013-04-17T00:00:00", "type": "ubuntucve", "title": "CVE-2013-1927", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1927"], "modified": "2013-04-17T00:00:00", "id": "UB:CVE-2013-1927", "href": "https://ubuntu.com/security/CVE-2013-1927", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:36:43", "description": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.", "cvss3": {}, "published": "2012-08-07T21:55:00", "type": "cve", "title": "CVE-2012-3423", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3423"], "modified": "2014-10-04T04:53:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.2", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea-web:1.0"], "id": "CVE-2012-3423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3423", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:36:43", "description": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.", "cvss3": {}, "published": "2012-08-07T21:55:00", "type": "cve", "title": "CVE-2012-3422", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422"], "modified": "2014-10-04T04:53:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.2", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea-web:1.0"], "id": "CVE-2012-3422", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3422", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:23:00", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "cve", "title": "CVE-2013-1926", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.0.5", "cpe:/a:redhat:icedtea-web:1.0.1", "cpe:/a:redhat:icedtea-web:1.0.4", "cpe:/a:redhat:icedtea-web:1.3.1", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:redhat:icedtea-web:1.0.2", "cpe:/a:redhat:icedtea-web:1.1.1", "cpe:/a:redhat:icedtea-web:1.0.3", "cpe:/a:redhat:icedtea-web:1.2.2", "cpe:/a:redhat:icedtea-web:1.1.4", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:redhat:icedtea-web:1.3", "cpe:/a:redhat:icedtea-web:1.2.1", "cpe:/a:redhat:icedtea-web:1.1.5", "cpe:/a:redhat:icedtea-web:1.1.2", "cpe:/a:redhat:icedtea-web:1.1.7", "cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:redhat:icedtea-web:1.0.6", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea-web:1.1.6", "cpe:/a:redhat:icedtea-web:1.1.3", "cpe:/a:redhat:icedtea-web:1.2"], "id": "CVE-2013-1926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1926", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:23:01", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "cve", "title": "CVE-2013-1927", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1927"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:redhat:icedtea-web:1.3.1", "cpe:/a:redhat:icedtea-web:1.0.4", "cpe:/a:redhat:icedtea-web:1.0.5", "cpe:/a:redhat:icedtea-web:1.0.1", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:redhat:icedtea-web:1.0.2", "cpe:/a:redhat:icedtea-web:1.1.1", "cpe:/a:redhat:icedtea-web:1.0.3", "cpe:/a:redhat:icedtea-web:1.2.2", "cpe:/a:redhat:icedtea-web:1.1.4", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:redhat:icedtea-web:1.3", "cpe:/a:redhat:icedtea-web:1.2.1", "cpe:/a:redhat:icedtea-web:1.1.5", "cpe:/a:redhat:icedtea-web:1.1.2", "cpe:/a:redhat:icedtea-web:1.1.7", "cpe:/a:redhat:icedtea-web:1.0", "cpe:/a:redhat:icedtea-web:1.0.6", "cpe:/a:redhat:icedtea-web:1.1", "cpe:/a:redhat:icedtea-web:1.1.3", "cpe:/a:redhat:icedtea-web:1.1.6", "cpe:/a:redhat:icedtea-web:1.2"], "id": "CVE-2013-1927", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1927", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:icedtea-web:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:icedtea-web:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-05-10T07:42:06", "description": "The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.", "cvss3": {}, "published": "2012-08-07T21:55:00", "type": "debiancve", "title": "CVE-2012-3423", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3423"], "modified": "2012-08-07T21:55:00", "id": "DEBIANCVE:CVE-2012-3423", "href": "https://security-tracker.debian.org/tracker/CVE-2012-3423", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-10T07:42:06", "description": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.", "cvss3": {}, "published": "2012-08-07T21:55:00", "type": "debiancve", "title": "CVE-2012-3422", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3422"], "modified": "2012-08-07T21:55:00", "id": "DEBIANCVE:CVE-2012-3422", "href": "https://security-tracker.debian.org/tracker/CVE-2012-3422", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-10T07:42:06", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "debiancve", "title": "CVE-2013-1926", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1926"], "modified": "2013-04-29T22:55:00", "id": "DEBIANCVE:CVE-2013-1926", "href": "https://security-tracker.debian.org/tracker/CVE-2013-1926", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-10T07:42:06", "description": "The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"", "cvss3": {}, "published": "2013-04-29T22:55:00", "type": "debiancve", "title": "CVE-2013-1927", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1927"], "modified": "2013-04-29T22:55:00", "id": "DEBIANCVE:CVE-2013-1927", "href": "https://security-tracker.debian.org/tracker/CVE-2013-1927", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:08:21", "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2014-06-29T00:00:00", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555", "CVE-2010-2548", "CVE-2010-2783", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3557", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3564", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3860", "CVE-2010-4351", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4467", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4476", "CVE-2011-0025", "CVE-2011-0706", "CVE-2011-0815", "CVE-2011-0822", "CVE-2011-0862", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0870", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-3389", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560", "CVE-2011-3563", "CVE-2011-3571", "CVE-2011-5035", "CVE-2012-0424", "CVE-2012-0497", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0547", "CVE-2012-1711", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1723", "CVE-2012-1724", "CVE-2012-1725", "CVE-2012-1726", "CVE-2012-3216", "CVE-2012-3422", "CVE-2012-3423", "CVE-2012-4416", "CVE-2012-4540", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5070", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5074", "CVE-2012-5075", "CVE-2012-5076", "CVE-2012-5077", "CVE-2012-5081", "CVE-2012-5084", "CVE-2012-5085", "CVE-2012-5086", "CVE-2012-5087", "CVE-2012-5089", "CVE-2012-5979", "CVE-2013-0169", "CVE-2013-0401", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1488", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1557", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2415", "CVE-2013-2417", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2423", "CVE-2013-2424", "CVE-2013-2426", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2436", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5805", "CVE-2013-5806", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2397", "CVE-2014-2398", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427"], "modified": "2016-04-19T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
